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enterprise  backup  product.  But  backup  is  just  the  beginning.  With  the  industry's  only 
truly  unified  single  platform,  Simpana®  software  provides  a  dramatically  superior  way 
for  enterprises  to  handle  data  protection,  eDiscovery,  recovery,  and  information 
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Si  OPINION 

4  Editor’s  Note:  Don  Tennant 

gets  a  glimpse  of  how  life  in  IT  could 
be  if  someone  would  only  dare  to 
question  why  things  have  always 
been  done  a  certain  way. 

21  Steven  J.  Vaughan  Nichols 

thinks  Google  will  have  a  desktop  OS 
on  the  market  this  year. 

35  Bart  Perkins  sees  the  reces¬ 
sion  as  a  perfect  opportunity  to  chal¬ 
lenge  the  status  quo. 

40  Frankly  Speaking:  Frank 

Hayes  says  seme  cheap  consumer 
tech  can  be  a  royal  pain  -  or  inexpen¬ 
sive  problem-solver  -  for  IT. 


■  DEPARTMENTS 

18  The  Grill:  Polycom  CEO 

Robert  Hagerty  talks  about  the 
long-awaited  arrival  of  “spooky- 
good"  videoconferencing  and  the 
next  big  thing:  videoconferencing  on 
handheld  devices. 


34  Security  Manager’s 
Journal:  Location  a 
Small  Detail  in 
Security  World.  Rus¬ 
sia?  China?  Vietnam?  It 
makes  no  difference  where  your  out¬ 
sourcing  partners  are,  as  long  as  you 
have  solid  security  policies  in  place 
and  set  the  right  tone  at  the  start. 


36  Career 
Watch:  Be- 
yond.com  CEO 
Rich  Milgram 

assesses  the 
employment 
outlook. 


38  Shark  Tank: 

Sometimes  users  can’t 
tell  their  left  from 
their  right. 


■  ALSO  IN  THIS  ISSUE 
Letters  5 

Company  Index  38 


■  FEATURES 

22  What  Recession? 

COVER  STORY:  Without  IT  innovation  and  efficiency,  Kiva 
wouldn’t  be  able  to  fulfill  its  mission  of  helping  entrepre¬ 
neurs  in  developing  countries,  like  Alexandra  Castro  of 
Ecuador  (above).  Doing  much  more  with 
much  less  is  business  as  usual  for  the 
nonprofit  microfinancing  organization. 

28  Server 
Virtualization  Quiz 

So  you  think  you’re  an  expert? 

Find  out  how  much  you  really  know. 

32  Has  Process 
Standardization 
Gone  Too  Far? 

Q&A:  Dartmouth  College’s  M.  Eric 
Johnson  argues  that  some  process¬ 
es  are  really  more  art  than  science 
and  need  to  be  treated  that  way. 


SAS  Business  Intelligence 


Integrated  analytics 
Visualization 

Microsoft  Office  integration 


Reporting 

Query  and  analysis 

OLAP 


■  EDITOR’S  NOTE 

Don  Tennant 


THE  MOOD  at  last  week’s  Computerworld  Premier 
100  IT  Leaders  Conference  in  Orlando  was  decid¬ 
edly  upbeat.  That’s  probably  because  it’s  difficult 
for  even  the  most  curmudgeonly  among  us  to  be 
downcast  when  surrounded  by  people  who  tend  to  be  as  car¬ 
ing  as  they  are  accomplished. 


That’s  the  sort  of  people 
we  honor  each  year,  and 
when  you  get  the  Premier 
100  honorees  and  alumni 
together  in  one  place,  the 
vibe  is  nothing  if  not  uplift¬ 
ing.  That’s  not  to  say  that 
anyone  had  on  rose-colored 
glasses.  The  recession’s 
crippling  global  impact  was 
at  the  forefront  of  onstage 
presentations  and  hallway 
discussions  alike,  and  the 
seriousness  of  the  situation 
was  lost  on  no  one. 

Yet  there  was  a  recogni¬ 
tion  that  better  times  lie 
ahead.  The  recession  will 
end,  the  economy  will  turn 
around,  and  the  talented 
people  who  have  lost  their 
jobs  will  return  to  work. 
Preparing  and  positioning 
ourselves,  our  employees 
and  our  companies  for 
that  inevitability  is  the 
demanding  task  at  hand, 
we  hear. 

It’s  a  cycle.  Simple  as 
that.  There  have  been 
downturns  and  recoveries 
in  the  past,  and  there  will 
be  downturns  and  recov¬ 
eries  in  the  future.  That’s 
just  the  way  it  works.  It’s 
how  we’ve  always  done  it. 

Maybe  that’s  the  problem. 


“It’s  how  we’ve  always 
done  it”  is  a  laughable  line 
in  discussions  about  things 
like  process  management. 
If  we’ve  learned  anything 
in  the  relentless  quest  to 
align  what  IT  does  with 
what  the  business  needs,  it’s 
that  doing  things  a  certain 
way  because  that’s  the  way 
they’ve  always  been  done 
is  just  plain  stupid.  So  why 
not  apply  the  same  stupid¬ 
ity  metric  to  the  economy? 

There’s  a  reason  why 
the  economy  keeps  col¬ 
lapsing  every  time  we  fix 
it.  What  is  it?  More  to  the 
point,  why  must  it  collapse 
in  the  first  place?  Why 
have  we  succumbed  to 
the  notion  that  economic 
performance  is  necessarily 
cyclical  and  that  times  of 
economic  suffering  are,  in 


turn,  unavoidable? 

One  of  the  best  things 
about  a  gathering  like  the 
Premier  100  conference  is 
that  you  get  glimpses  of 
how  things  could  be  when 
someone  dares  to  ques¬ 
tion  the  way  things  have 
always  been.  One  of  those 
glimpses  came  during  a 
roundtable  discussion  on 
IT  labor  in  which  the  sub¬ 
ject  of  the  graying  of  the 
workforce  came  up. 

Several  of  the  IT  execu¬ 
tives  present  mentioned 
their  concern  that  a  large 
percentage  of  their  em¬ 
ployees  are  nearing  retire¬ 
ment,  and  the  executives 
were  at  a  loss  to  figure 
out  how  they  were  going 
to  retain  the  institutional 
knowledge  held  by  those 
employees.  What  do  you 
do  when  your  workers 
reach  retirement  age  but 
the  systems  under  their 
stewardship  will  long  re¬ 
main  critical  to  the  compa¬ 
ny’s  operations? 

Bob  Fecteau,  CIO  at  BAE 
Systems  Customer  Solu¬ 
tions  and  a  2009  Premier 
100  honoree,  presented  an 
idea  that  clearly  intrigued 
many  of  his  colleagues 


M  Why  have  we 
succumbed  to 
the  notion  that 
economic  perfor- 
|  mance  is  neces¬ 
sarily  cyclical 
and  that  economic 
I  suffering  is 
unavoidable? 


around  the  table.  We’ve 
long  had  an  institutional¬ 
ized  system  that  enables 
young  people  to  enter  the 
workforce  as  interns.  Why 
don’t  we  have  an  equally 
well-established  system 
that  enables  older  people 
to  exit  the  workforce  as  ex- 
terns ?  The  aim  would  be  to 
extend  the  employment  of 
our  workers  in  a  way  that 
accounts  for  their  physi¬ 
cal  limitations  and  the 
company’s  compensation 
constraints. 

“You  come  in  young; 
you’re  paid  little.  As  you 
get  older,  the  salary  starts 
to  peak.  We  haven’t  fig¬ 
ured  out  the  regression 
side  of  that  scale  very 
well,”  Fecteau  said.  “When 
you  get  to  the  peak,  is  it  a 
cliff,  or  is  it  a  slope?”  By 
adjusting  work  hours,  re¬ 
sponsibilities  and  salaries, 
more-seasoned  workers 
can  contribute  longer  to 
the  company  and  to  the 
economy. 

Extern  programs  aren’t 
the  norm  because  we’ve 
never  done  it  that  way. 
Instead,  we’ve  thrown 
valuable  knowledge  and 
skills  over  the  cliff.  When 
we  recognize  how  stupid 
that  is  and  do  something 
about  it,  we’ll  be  one  step 
closer  to  ending  our  acqui¬ 
escence  to  the  inevitability 
of  economic  suffering.  ■ 
Don  Tennant  is  Computer- 
world’s  senior  editor- 
at-large.  You  can  contact 
him  at  don_tennant@ 
computerworld.com,  and 
visit  his  blog  at  http:// 
blogs.computerworld.com/ 
tennant. 
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LETTERS  ■ 


Generational  Clashes 
Are  Nothing  New 

The  article  “Clash  of  the  Genera¬ 
tions”  in  the  Feb.  16  issue  made  me 
smile.  I  am  a  baby  boomer,  cur¬ 
rently  51  years  old.  Thirty  years 
ago,  when  I  and  the  other  boomers 
were  the  young  bucks,  the  older 
generation  of  the  day  disliked  our 
casual  dress  habits  and  what  they 
perceived  as  our  lack  of  profession¬ 
alism.  We  wanted  to  try  our  new 
ideas.  We  wanted  flexible  work 
schedules.  We  lived  and  breathed 
our  work.  We  hung  out  with  co¬ 
workers:  sports,  vacations,  trying 
new  experiences. 

Then,  we  married  and  raised  chil¬ 
dren,  and  our  priorities  changed. 

We  advanced  in  our  careers  and  be¬ 
came  responsible  for  other  people 
on  the  job.  We  started  taking  fewer 
risks  at  work  because  we  had  more 
to  lose.  We  depended  upon  our 
higher  salaries  to  pay  for  mortgages 
and  the  things  our  families  needed 
—  and  bigger  and  better  vacations. 

We  are  not  seeing  anything  new 
today.  What  we  are  seeing  is  the 
rising  generation  asserting  its  will 


and  the  receding  generation  resist¬ 
ing  change.  It’s  just  different  groups 
of  people  in  different  phases  of 
their  lives.  In  30  years,  millennials 
will  sound  much  like  the  boomers 
of  today  describing  the  new  rising 
generation. 

■  Michael  Gillson,  programmer/ 
analyst,  Chugach  Electric  Association 
Inc.,  Anchorage,  Alaska,  michael_ 
gillson@chugachelectric.com 

IT  Doesn’t  Always  Have 
A  Seat  at  the  Table 

The  key  statement  in  Don  Tennant’s 
Feb.  23  Editor’s  Note,  “Alleviating 
Panic,”  is,  I  would  say,  his  quote  from 
Sunoco’s  CIO,  Peter  Whatnell:  “The 
CIO  is  first  and  foremost  a  member 
of  the  management  team.”  ’Tain’t 
necessarily  so.  Or  perhaps  I  should 
say,  the  senior  person  in  the  IT  area 
does  not  always  have  the  CIO  title 
and  is  not  always  a  member  of  the 
management  team.  This  doesn’t 
mean  I  have  to  panic,  but  it  does 
make  doing  the  job  more  difficult. 

■  Dan  Poor,  registrar  and  director 
of  technology,  Meriden,  N.H. 


Find  these  stories  at  computerworld.com/more 


Cloud  Computing: 

You  Need  an  Exit  Strategy 

For  all  its  popularity,  cloud  computing 
provokes  fears  of  vendor  lock-in.  We 
assess  the  risk  factors. 


iPhone  Apps  Offer  a 
Glimpse  of  the  Future 

Software  that  pushes  the  enve¬ 
lope  gives  us  a  hint  of  the  future 
of  smartphone  software.  We 
gaze  into  our  crystal  ball  and 
pick  some  winners. 


Six  Word  2007  Timesavers 

These  tips  will  help  you  get  the  most  out  of 
Word  2007.  Among  other  things, 
you  can  edit  in  Print  Preview 
mode  and  highlight  all  appear¬ 
ances  of  a  word  or  phrase. 
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Safari  4  Beta: 

Innovative,  Fast,  Fun 

REVIEW:  Apple’s  new  browser  will  wow 
users,  thanks  to  useful  new  features,  slick 
interface  tweaks,  speedy  page-rendering 
and  smart  development  decisions  that  were 
based  on  how  people  actually  surf  the  Web. 
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LEGAL  ISSUES 


DOJ:  EMC 

Overcharged  U.S.  Agencies 


THE  U.S.  Department 
of  Justice  last  week 
disclosed  that  it  has 
intervened  in  a  2006 
lawsuit  charging  that  EMC 
Corp.  gave  kickbacks  to 
federal  IT  consultants  and 
overcharged  government 
agencies  for  hardware,  soft¬ 
ware  and  services. 

Hopkinton,  Mass.-based 
EMC  had  acknowledged 
in  its  2008 10-K  filing  with 
the  U.S.  Securities  and  Ex¬ 
change  Commission  that  the 
DOJ  was  investigating  the 
kickback  and  overcharging 
allegations,  but  it  quickly 
denied  any  wrongdoing. 

“We  did  not  make  im¬ 


proper  payments  to  business 
partners,  and  we  did  not 
engage  in  inaccurate  pric¬ 
ing  practices,”  said  EMC 
spokesman  Patrick  Cooley. 

The  lawsuit  was  filed 
in  2006  in  federal  court  in 
Little  Rock,  Ark.,  by  former 
Accenture  Ltd.  employees 
Norman  Rille  and  Neal 
Roberts  under  the  whistle¬ 
blower  provisions  of  the 
federal  False  Claims  Act. 

Rille  and  Roberts  charged 
that  EMC  had  been  submit¬ 
ting  false  claims  to  federal 
agencies  for  products  and 
services  since  the  late  1990s. 

In  a  statement  issued  last 
week,  the  DOJ  said  that  “the 


THE  WEEK  AHEAD 

MONDAY:  The  Global  Women’s  Technology  Collaborative,  a 
group  looking  to  get  more  girls  and  women  involved  in  tech* 
nology,  is  due  to  hold  a  kickoff  meeting  at  the  United  Nations. 

TUESDAY:  The  IEEE  plans  to  mark  its  125th  anniversary 
with  a  webcast  featuring  a  panel  discussion  on  human* 
technology  interaction  in  areas  such  as  biometrics  and  robotics. 

WEDNESDAY:  Computerworld  and  sister  publication  InfoWorld 
jointly  host  a  virtual  conference  on  enterprise  architecture. 


Microsoft  Corp.  last  week 
said  that  three  Windows 
security  updates,  including 
one  rated  “critical,”  will  be 
released  tomorrow. 

The  company  acknowledged, 
however,  that  it  will  not  deliver 
a  fix  for  an  Excel  flaw  that  at¬ 
tackers  are  now  exploiting. 

Microsoft  didn’t  disclose 
details  of  the  patches,  other 
than  to  say  which  versions  of 
Windows  will  be  affected. 

“It’s  pretty  nebulous,”  said 
Andrew  Storms,  director  of 
security  operations  at  nCircle 
Network  Security  Inc.  “They 
could  be  any  number  of  things.” 


core  of  the  allegations ...  is 
that  EMC  made  payments  of 
money  and  other  things  of 
value  (alliance  benefits)  to  a 
number  of  systems  integra¬ 
tion  consultants  and  other 
alliance  partners  with  whom 
it  had  alliance  relationships.” 

It  added  that  the  “benefits 
paid  by  EMC  amount  to  kick- 
backs  and  undisclosed  con¬ 
flict-of-interest  relationships.” 

The  DOJ  also  alleges  that 
EMC  effectively  overcharged 
federal  agencies  by  making 
false  statements  to  the  Gen¬ 
eral  Services  Administration 
about  its  commercial  pricing 
practices.  DOJ  officials  de¬ 
clined  to  comment  further 
on  why  the  department 
joined  the  lawsuit. 

“The  matters  at  issue  in 
this  case  are  historical  in  na¬ 
ture;  some  of  the  allegations  j 
relate  to  events  nearly  10 
years  old,”  Cooley  said  in  an  j 
e-mail.  “We  will  vigorously 
defend  this  case  and  the 
many  years  EMC  has  spent 
serving  the  U.S.  government.” 

EMC  said  in  its  10-K  filing 
that  it  faces  various  possible 
sanctions,  including  “fines, 
penalties  and  other  sanc¬ 
tions,  including  suspension 
or  debarment  from  sales  to 
the  federal  government.” 

The  DOJ  in  2007  inter¬ 
vened  in  similar  federal 
whistle-blower  lawsuits  filed 
by  Rille  and  Roberts  against 
Hewlett-Packard,  Sun  Micro¬ 
systems  and  Accenture. 

—  Lucas  Mearian 


It’s  pretty  nebu¬ 
lous.  [The  flaws 
patched]  could  be  any 
number  of  things. 

ANDREW  STORMS,  nCIRCLE 


The  critical  update  will 
affect  all  still-supported  edi¬ 
tions  of  the  operating  system, 
including  Windows  2000,  XP, 
Server  2003,  Vista  and  Serv¬ 
er  2008.  Unpatched  “critical” 
bugs  allow  PCs  to  be  hijacked 
by  hackers  without  any  action 
by  users.  The  other  updates, 
labeled  “important,”  fix  so- 
called  spoofing  bugs,  which 
typically  are  used  to  trick  us¬ 
ers  into  divulging  confidential 
information. 


-  GREGG  KEIZER 
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1,200,000  " 

TRANSACTIONS  PER  MINUTE. 

DONE. 

Introducing  the  world’s  fastest  x86-64  server.  The  IBM  System  x3950  M2  with  eX4  technology, 

Intel®  Xeon®  7400  series  processors  and  IBM  DB2®  has  set  a  new  performance  record.  IBM 

has  built  the  first  x86-64  system  to  break  the  one-million-transactions-per-minute  barrier! 

It’s  a  new  standard  in  performance  that  improves  efficiency  and  can  help  save  money  in 

transaction  and  database  processing.  Find  out  how  it  can  help  you  keep  pace  in  a  faster 

world  at  ibm.com/systems/fastest  STOP  TALKING  START  DOING™ 

' 


’IBM  System  x3950  M2  with  the  Intel  Xeon  Processor  X7460  (2.66GHz  8  processors/48  cores/48  threads).  1.200,632  tpmC.  $1.99  USD  /  tpmC.  availability  as  of  December  10  2008  Results  > 
are  current  as  of  August  19,  2008.  To  view  all  TPC  benchmark  results,  visit  www.tpc.org.  TPC.  TPC-C  and  tpmC  are  trademarks  of  the  Transaction  Processing  Performance  Council  IBM,  she 
System  x,  ibm.com,  DB2  and  STOP  TALKING  START  DOING  are  trademarks  of  International  Business  Machines  Corporation,  registered  in  many  jurisdictions  worldwide.  A  current  list  of  IBM  ;  v. 
available  on  the  Web  at  “Copyright  and  trademark  information"  at  www.ibm.com/legal/copytrade.shtml  Intel,  the  Intel  Logo,  Xeon,  and  Xeon  Inside  are  trademarks  or  registered  trad'  :  m 
Corporation  in  the  United  States  and  other  countries.  ©  2009  IBM  Corporation.  All  rights  reserved 
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Classified  information  about  Marine  One’s  onboard  systems 
was  found  in  a  shared  folder  on  a  computer  located  in  Iran. 


SECURITY 

Data  About  Presidential 
Helicopter  Leaked  via  P2P 


A  COMPANY  THAT 
monitors  peer-to- 
peer  networks  said 
it  found  classified 
information  about  the  sys¬ 
tems  used  onboard  the  U.S. 
president’s  helicopter  in  a 
shared  folder  on  a  computer 
in  Iran,  after  a  file  contain¬ 
ing  the  data  was  accidental¬ 
ly  leaked  on  a  peer-to-peer 
network  last  summer. 

The  file  appears  to  have 
come  from  a  computer  be¬ 
longing  to  a  Bethesda,  Md.- 
based  military  contractor, 
according  to  Tiversa  Inc., 


which  said  it  discovered  the 
classified  material  on  the 
Iranian  system  on  Feb.  26. 

Chris  Gormley,  Tiversa’s 
chief  operating  officer, 
said  the  IP  address  of  the 
system  in  Iran  belongs  to 
an  “information  concen¬ 
trator”  —  someone  who 
searches  P2P  networks  for 
sensitive  data. 

According  to  Gormley, 
Tiversa  first  found  the  data 
about  Marine  One’s  com¬ 
munications,  navigation 
and  flight  management 
systems  on  file-sharing 


wm 


IT  IN  GOVERNMENT 


First  Federal  CIO  Wants  to 
‘Democratize1  Gov’t  Data 


THE  U.S.  Government’s 
first  CIO,  Vivek  Kur.dra,  is 
looking  to  change  the  way 
federal  agencies  use  IT  by 
adopting  consumer  tech¬ 
nologies  and  finding  new 
ways  to  make  government 
data  open  and  accessible. 

Kundra,  the  District  of  Colum¬ 
bia’s  CTO,  was  appointed  to  the 
newly  created  post  last  week  by 


President  Barack  Obama. 

Obama  had  announced 
early  in  his  campaign 
that  he  would  name  a 
chief  technology  officer, 
but  the  new  CIO  post 
was  a  bit  of  a  surprise. 
The  administration  still 
plans  to  hire  a  CTO. 

In  a  conference  call  with  report¬ 
ers,  Kundra  said  he  plans  to  create 


networks  last  summer. 

The  company  notified  the 
defense  contractor  and  law 
enforcement  authorities 
back  then,  he  said.  But,  he 
added,  the  finding  in  Iran 
shows  that  the  information 
is  still  available  online. 

There  are  numerous 
other  examples  of  sensitive 
data  leaking  onto  P2P  net¬ 
works.  In  2007,  for  instance, 
security  researchers  told 
federal  lawmakers  that  they 
had  found  millions  of  clas¬ 
sified  documents,  including 
a  diagram  of  the  Pentagon’s 
secret  backbone  network 
infrastructure,  complete 
with  IP  addresses  and 
password-change  scripts. 

That  same  year,  the  per¬ 
sonal  data  of  17,000  workers 
at  Pfizer  Inc.  was  exposed 
after  an  employee  installed 
file-sharing  software  on  a 
company-owned  laptop. 

Gartner  Inc.  analyst  Avi- 
vah  Litan  said  IT  managers 
should  take  measures  such 
as  encrypting  files,  prevent¬ 
ing  P2P  software  from  being 
installed  on  PCs  and  block¬ 
ing  P2P  traffic  at  network 
gateways.  The  availability  of 
the  Marine  One  data  “drives 
home  the  point,”  Litan  said, 
“that  companies  cannot 
forget  about  P2P.” 

—  Jaikumar  Vijayan 


a  Web  site  called  Data.gov  that 
would  “democratize”  the  federal 
government’s  vast  information  re¬ 
sources,  making  them  accessible 
in  open  formats  and  in  feeds  for 
developers. 

He  also  said  he  hopes  to  use 
emerging  technologies  like  cloud 
computing  to  cut  the  need  for  ex¬ 
pensive  contractors  who  often  end 
up  “on  the  payroll  indefinitely.” 

As  the  District  of  Columbia’s 
CTO,  Kundra  built  a  reputation 
for  pushing  technology  in  new 
directions.  For  example,  the  dis¬ 


Moziiia  Corp  patched 
eight  security  vulnerabili¬ 
ties  in  Firefox  and  described 
half  of  them  as  critical 
memory-corruption  flaws 
in  the  browser’s  layout 
and  JavaScript  engines. 
Other  patches  fix  flaws 
that  would  let  hackers 
access  personal  data. 

Hewlett-Packard  Co.  ■ 

has  shuttered  its  online 
backup  service,  HP  Upline, 
after  less  than  a  year  of 
operation.  HP  declined  to 
say  why  it  shut  down  the 
subscription-based  offering. 

plans  to 

boost  research  spending 
by  $1  billion  to  $9  billion 
and  increase  its  research 
staff  by  up  to  3,000 
employees,  COO  Kevin 
Turner  said  in  a  speech  at 
the  CeBIT  trade  show. 


CORRECTION 

The  story  “Enterprise 
Linux?  Not  So  Fast”  in  the 
Jan.  19  issue  mistakenly 
listed  a  ratio  of  “admin* 
istrators  to  users”  at 
Qualcomm  Inc.  The  story 
should  have  said  that  the 
company’s  current  ratio 
of  servers  to  administra- 
tors  is  515-to-l. 


trict  now  offers  some  240  online 
feeds  that  provide  residents  and 
businesses  with  a  wide  range  of 
municipal  data,  such  as  building 
permits  and  other  reports. 

Technology  industry  leaders 
like  Scott  McNealy,  chairman  of 
Sun  Microsystems  Inc.,  have  in 
recent  weeks  been  urging  White 
House  officials  to  appoint  a  CIO. 

As  McNealy  recently  told  Com- 
puterworld,  IT  spending  by  the 
federal  government  dwarfs  the  IT 
budgets  of  the  largest  companies. 

-  PATRICK  THIBODEAU 
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When  your  company  is  on  one  network,  it  can  be  truly  flexible.  Expand,  move 

or  merge.  And  do  it  faster  on  a  single  IP  network.  Sprint  Converged  Solutions  lets  you  access  your 
voice,  video  and  data  instantly  on  one  network,  built  end-to-end  with  technologies  that  have  the 
Cisco  Quality  of  Service  certification.  So  you  have  the  flexibility  to  adapt  to  whatever  the  future  brings. 
Get  it  on  the  Now  Network."  ,  <  ,  ; 


Certlfiecf'foy 
Cisco  for  Quality 
of  Service 


sprint,  com/convergence 


By  John  Klossner 


■  NEWS  DIGEST 


CAREERS 

Microsoft  Cut  Some  H-1B 
Workers  but  Will  Hire  More 


M 


ICROSOFT  CORP. 
is  letting  H-1B 
workers  go  as 
part  of  its  plan  to 
lay  off  about  5,000  employ¬ 
ees  over  18  months,  but  the 
vendor  will  continue  to  hire 
visa  holders  as  well,  accord¬ 
ing  to  a  letter  that  it  sent  to 
Sen.  Charles  Grassley  (R- 
Iowa)  last  week. 


H-1B  workers  have 
long  made  crucial 
contributions  to  Microsoft’s 


innovation  successes. ...  We 
are  confident  this  will  con* 
tinue  to  be  true  in  the  future. 


FROM  THE  LETTER  SENT  TO  SEN.  CHARLES 
GRASSLEY  BY  BRAD  SMITH,  MICRO¬ 
SOFT'S  GENERAL  COUNSEL 


In  the  letter,  Microsoft 
general  counsel  Brad  Smith 
told  Grassley  —  a  vocal  critic 
of  the  H-1B  program  —  that 
company  officials  “do  not 
expect  to  see  a  significant 
change  in  the  proportion 
of  H-1B  employees  in  our 
workforce  following  the  job 
reductions.”  Smith  didn’t  dis¬ 
close  the  percentage  of  H-1B 
workers  at  Microsoft,  saying 
only  that  it  is  “small.” 

He  also  said  that  it’s  “too 
early  to  know  the  precise 
answers”  to  questions  such 
as  how  many  visa  holders 
and  U.S.  citizens  will  lose 
their  jobs  in  the  layoffs.  But 
he  noted  that  most  of  the 
1,400  employees  laid  ofF  in 
January  were  U.S.  citizens, 
in  keeping  with  the  makeup 
of  Microsoft’s  workforce. 

The  letter  was  a  response 
to  one  sent  to  Microsoft  in 
January  by  Grassley,  who 
said  it  was  “imperative”  that 
the  company  give  job  prior¬ 
ity  to  U.S.  citizens  over  visa 
holders  during  its  layoffs. 


Grassley  likely  targeted 
Microsoft,  rather  than  the 
many  other  IT  vendors  that 
are  laying  off  workers,  be¬ 
cause  Chairman  Bill  Gates 

has  called  for  an  increase  in  i 

0 

the  annual  cap  on  H-1B  visas  « 
in  congressional  testimony. 

Microsoft  also  was  the  top  \ 
U.S.-based  H-1B  recipient 
during  the  federal  govern¬ 
ment’s  2008  fiscal  year,  with  * 
1,037  approved  visas  —  put¬ 
ting  it  fifth  overall. 

Smith  said  H-1B  holders 
“have  long  made  crucial 
contributions”  to  Micro- 

t 

soft’s  development  efforts 
and  its  “ability  to  help  cre¬ 
ate  jobs  in  this  country.” 

He  added  that  about  90%  of 

i 

Microsoft’s  H-1B  employees 
work  in  core  technology  po-  \ 
sitions  or  engineering  jobs. 

—  Patrick  Thibodeau  t 
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EC’s  Monitoring 
Of  Microsoft  Ends 


BRUSSELS  -  Five  years  after 
its  landmark  antitrust  ruling 
against  Microsoft  Corp.,  the 
European  Commission  last 
week  halted  its  monitoring  of 
the  software  vendor’s  compli¬ 
ance  with  the  ruling. 

The  commission  said  Micro¬ 
soft,  as  required,  has  made  its 
interoperability  information 
available  so  rival  vendors  can 
build  software  that  works 
smoothly  with  Windows.  The 
EC  also  said  rivals  can  force 
continued  access  to  the  informa¬ 
tion  through  European  courts. 

The  commission,  which  filed 
a  new  browser-related  antitrust 
case  against  Microsoft  in  Janu¬ 
ary,  did  note  that  the  vendor  still 


BETWEEN  THE  LINES 


Paul  Twomey  said  he  will 
step  down  as  president  and 

CEO  of  the  Internet  Corpo¬ 
ration  for  Assigned  Names 
and  Numbers  at  year’s  end, 
when  his  contract  expires. 

The  Government  Account¬ 
ability  Office  issued  a  report 
saying  that  the  U.S.  Census 
Bureau  still  has  “signifi¬ 


cant”  IT  testing  work  to  do 
before  the  2010  census. 

The  SCO 

Group  Inc,  sued  IBM,  claim¬ 
ing  it  had  contributed  SCO- 
owned  Unix  code  to  Linux. 
SCO  later  filed  related 
cases  against  Novell  Inc. 
and  users  AutoZone  Inc. 
and  DaimlerChrysler  AG. 


has  “an  ongoing  obligation  to 
supply  complete  and  accurate 
interoperability  information.” 

Neil  Barrett,  a  computer  sci¬ 
entist  at  Cranfield  University 
in  Bedfordshire,  England,  had 
been  monitoring  Microsoft  for 
the  EC  since  2005. 

Paul  Meller, 

IDG  News  Service 

AMD  Completes 
Foundry  Spin-off 

SUNNYVALE,  Calif. -Ad¬ 
vanced  Micro  Devices  Inc.  last 
week  closed  on  a  deal  to  spin 
off  its  manufacturing  opera¬ 
tions  into  a  separate  company. 

Advanced  Technology  Invest¬ 
ment  Co.,  which  is  owned  by 
the  government  of  Abu  Dhabi, 
paid  $700  million  (U.S.)  for  a 
65.8%  stake  in  the  spin-off, 
tentatively  called  The  Foundry 
Co.  AMD  maintains  a  34.2% 
stake  in  the  firm. 

AMD  last  week  also  said  that 


Mubadala  Development  Co., 
another  investment  firm  owned 
by  the  Abu  Dhabi  government, 
has  paid  $125  million  to  boost 
its  stake  in  AMD  to  19.9%. 
Again  Shah, 

IDG  News  Service 


BRIEFLY  NOTED 
HCL  Technologies  Ltd.  in  Noida, 
India,  last  week  was  awarded 
a  $76  million  (U.S.),  seven- 
year  outsourcing  contract  by 
National  Insurance  Co.  HCL  will 
host  the  Kolkata,  India-based 
insurance  firm’s  data  center  and 
provide  systems  integration, 
management  services,  business 
process  re-engineering  and 
business  continuity  services. 
John  Ribeiro, 

IDG  News 
Service 
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CA  Security  Management  software  streamlines  your  IT  security 
environment  so  your  business  can  be  more  secure,  agile  and 
compliant  without  upsizing  your  infrastructure.  All  with  faster 
time  to  value.  Greater  efficiency  starts  with  more  efficient  IT. 


Learn  more  at  ca.com/security 


Visit  us  at  RSA  Conference,  April  20-24,  Booth  #1533 


reserves 


trolling  your  servers,  or  are  they  controlling  you? 
It's  time  for  virtualization  from  CDW. 


HP  VMware®  Infrastructure  3  Enterprise  Edition 

•  Increases  hardware  utilization 

•  Decreases  hardware  and  software  capital  costs 

•  Improves  server-to-server  administrator  ratio  from  10:1  to  30:1 

•  License  plus  one-year,  9x5  support  for  two  processors 


Call  CDW  for  pricing 

CDW  1005579 


Call  CDW  for  pricing 

’CDW  1603177 


VMware  Infrastructure  Midsize  Acceleration  Kit1 

•  Provides  three,  two-processor  nodes  of  VMware  Infrastructure 
Enterprise  with  all  the  advanced  features  of  VMware 
Infrastructure  3 

•  Includes  VMware  VirtualCenter  Foundation  Management  Server 

•  Ideal  for  businesses  that  want  all  the  high-end  benefits  of 
VMware  Infrastructure  in  smaller  initial  deployments  or  that  are 
concerned  about  development  of  in-house  skills  to  successfully 
implement  virtualization 


vmware 


200  COURT  STREET 

Main  Office 

1st  Floor  III 

Servers 
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Servers 
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Servers 
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Additional  hard  drives  sold  separately 
HP  SMART  BUY2 


HP  ProLiant  DL160  G5  Series  Server 

•  Quad-Core  Intel®  Xeon®  Processor  E5405  (2GHz) 

•  Memory:  1GB  std.,  64GB  max.  (PC2-5300) 

•  Hard  drives:  2  x  160GB  SATA;  2TB  maximum  storage 

•  12MB  Level  2  Cache 

•  Two  embedded  NC105i  PCIe  Gigabit  Server  Adapters 


$3179 

CDW  1345091 


HP  ProLiant  DL380  G5  Rack-mount  Server 

•Two  Quad-Core  Intel®  Xeon®  Processors  E5440  (2. 83GHz)  .  Bi 

•  Memory:  4GB  std.,  64GB  max.  (PC2-5300)  aft - W  * 

•  Hard  drives:  none  ship  std.;  up  to  eight  hot-pluggable  SAS/SATA  hard  drive  bays  Hard  drives  sold  separately 

•  24MB  Level  2  Cache  hp  smart  buy2 

•  Two  embedded  NC373i  Multifunction  Gigabit  Network  Adapters 

•  Redundant  fans 


HP  SMART  BUY2 


HP  D2D2503i  Backup  System 

•  Provides  simultaneous  backup  of  up  to  six  servers 

•  Includes  dynamic  de-duplication  that  allows  up  to  50x 
more  backup  data  to  be  retained  in  the  same  disk  over  a 
period  of  time 

•  Raw  capacity  of  3TB  (2.25TB  usable) 

•  75Mbps  performance  delivers  backup  speeds  of  up  to 
270GB/hour 


invent 


invent 


HP  StorageWorks®  2012i  Dual  Controller  Modular  Smart  Array 

•  Manages  growing  storage  requirements  across  multiple  HP  ProLiant 
servers  for  businesses  that  need  a  centralized,  dedicated  storage  Solution 
for  applications 

•  iSCSI  SANs  promote  cost-effective  growth  and  increased  protection  of  the 
data  in  a  familiar  Ethernet  environment 

•  Offers  a  choice  of  drives:  high-performance,  enterprise-class  SAS  drives 
and  low-cost,  high-capacity,  archival-class  SATA 


We're  there  with  the  server  virtualization  solutions  you  need. 

It's  time  to  end  the  server  sprawl.  CDW  can  help  you  run  all  your  operating  systems  and 
applications  from  a  single  virtual  server.  Not  only  does  that  free  up  space  and  lower 
costs,  it  also  reduces  IT  management.  Our  technology  specialists  can  recommend  the 
right  virtualization  solution  for  your  business.  And  our  custom  configuration  services  will 
set  up  your  technology  to  your  specifications.  So  call  CDW  today,  and  finally  put  your 
servers  in  their  place. 


CDW.com  800.399.4CDW 


The  Right  Technology.  Ri 
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Vs, 


AS  THE  ECONOMIC 
news  continues  to 
get  bleaker,  double¬ 
digit  budget  cuts 
are  becoming  a  fact  of  life 
in  many  IT  departments 
—  resulting  in  postponed 
purchases,  delayed  projects, 
hiring  freezes  and  layoffs. 

The  situation  is  undeni¬ 
ably  grim,  posing  stiff  lead¬ 
ership  challenges  for  CIOs. 
But  if  there’s  a  silver  lining, 
it’s  that  key  IT  initiatives  in 
many  cases  are  proceeding 
as  planned,  partly  because 
of  a  desire  among  business 
executives  to  rely  even  more 
heavily  on  technology  to 
help  reduce  corporate  costs 
and  boost  revenues. 

For  example,  Auto  Ware¬ 
housing  Co.’s  IT  staff  has 
been  relatively  lucky  — 
although  certainly  not  un¬ 
scathed.  AWC  processes  new 
cars  for  automakers,  and  it’s 
feeling  the  pain  of  the  drop  in 
car  sales.  For  IT,  that  means 
a  24%  budget  cut  this  year. 

Dale  Frantz,  AWC’s  CIO 
and  chief  technical  officer, 
has  frozen  salaries  and  new 
hiring,  eliminated  most 
travel  and  put  off  hardware 
replacements  and  other  cap¬ 
ital  spending 
until  2010. 

But  Frantz 
said  last  week 
at  Computer- 
world’  s  Premier 
100  IT  Leaders 
Conference  in  Orlando  that 
he  has  been  able  to  avoid  job 
cuts  thus  far.  And  AWC  is 
taking  advantage  of  the  busi¬ 
ness  slowdown  to  expand  its 
systems  to  some  lower-vol¬ 
ume  facilities  that  had  limited 
automation  or  none  at  all. 

The  recession  “isn’t  good 
for  IT  per  se,”  Frantz  said 
prior  to  taking  part  in  a  pan¬ 
el  discussion  on  economic 
issues.  “But  we  do  have  an 
opportunity  to  clean  up  the 
processes  at  facilities  where 
things  maybe  weren’t  as 


imes. 
Hard  Decisions 

For  FT 

With  the  recession  squeezing  IT  budgets, 
cutbacks  are  the  rule.  But  CIOs  are  trying  to  keep 
key  tech  projects  on  track.  By  Craig  Steelman 


efficient  as  they  could  be.” 

Also  helping  to  protect  IT 
jobs,  Frantz  said,  are  the  low¬ 
er  software  licensing  costs 
that  are  kicking  in  as  a  result 
of  AWC’s  conversion  from 
PCs  to  Macintosh  systems, 
which  began  in  2007.  “This 
turned  out  to  be  a  great  year  to 
have  that  happen,”  he  noted. 

Marie  Mouchet,  CIO  for 
electric  utility  Southern 
Co.’s  nuclear,  power  genera¬ 
tion  and  wholesale  power 
units,  said  the  Atlanta-based 
company  has  reduced  over¬ 
all  IT  spending  by  about 
10%  because  of  the  down¬ 


turn.  Her  team  has  cut  merit 
raises,  left  vacancies  un¬ 
filled  and  pushed  back  some 
projects,  Mouchet  said. 

And,  she  added,  when  IT 
managers  meet  later  this 
month  with  the  chief  finan¬ 
cial  officers  of  the  utility’s 
operating  companies  for 
a  quarterly  review  of  tech 
projects,  the  focus  “is  all 
going  to  be  about  cost.” 

But  Mouchet  hasn’t  had  to 
cut  her  IT  head  count,  and 
most  major  projects  remain 
on  track.  That  includes  the 
rollout  of  a  new  billing  sys¬ 
tem  for  wholesale  contracts. 


plus  a  companywide  deploy¬ 
ment  of  Oracle  Corp.’s  finan¬ 
cial  applications  and  IBM’s 
Maximo  asset  management 
software  —  a  project  that  is 
expected  to  cost  hundreds 
of  millions  of  dollars. 

Also,  a  push  to  cut  corpo¬ 
rate  spending  could  acceler¬ 
ate  Southern  Co.’s  adoption 
of  new  technologies,  such 
as  YouTube  for  video-based 
training  and  Amazon.com 
Inc.’s  Kindle  e-book  reader 
for  distributing  repair 
manuals  electronically.  The 
recession  “may  be  a  catalyst 
to  get  a  lot  of  these  things  in 
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quicker,”  Mouchet  said. 

Burlington  Northern 
Santa  Fe  Corp.  is  another 
company  that  has  avoided 
IT  layoffs  and  is  continuing 
to  move  forward  on  major 
projects,  such  as  a  replace¬ 
ment  of  its  voice-mail  sys¬ 
tem  and  an  implementation 
of  SAP  AG’s  financial  and 
human  resources  apps. 

Jo-ann  Olsovsky,  BNSF’s 
CIO,  said  the  Fort  Worth, 
Texas-based  railway  is  cut¬ 
ting  both  capital  spending 
and  operational  expenses 
within  IT  —  primarily  by 
not  filling  open  positions 
and  deferring  work  on  some 
projects  until  next  year. 

But  on  the 
SAP  and  voice- 
mail  projects, 
Olsovsky  said, 
“we’re  either 
so  far  into  it 
that  you  can’t 
turn  around 
or  we  just  have  to  do  it” 
because  the  systems  being 
replaced  are  decades  old. 

Jerome  Oglesby,  chief 
technology  officer  at  Deloitte 
Services  LP,  said  the  shared- 
services  subsidiary  of  audit¬ 
ing  and  consulting  firm 
Deloitte  LLP  has  made  adjust¬ 
ments  “in  a  lot  of  different 
areas.”  He  wouldn’t  specify 


Jerome 

Oglesby 


which  ones  but  said  that  some 
projects  have  been  post¬ 
poned  and  others  canceled. 

Even  with  the  cuts, 
though,  Deloitte  Services  is 
deploying  videoconferenc¬ 
ing  technology 
“at  a  very  fast 
pace”  to  help 
Deloitte’s  op¬ 
erating  units 
reduce  their 
travel  costs, 
Oglesby  said. 

“That’s  one  of  the  differ¬ 
ences  now:  Our  investments 
are  more  targeted,”  he  add¬ 
ed.  “You  really  have  to  get 
focused  on  looking  at  the 
basics  of  the  business  and 
the  business  bottom  line.” 

And  in  many  organiza¬ 
tions,  the  bottom  line  is 
none  too  pretty  —  nor  is  the 
impact  it’s  having  on  IT. 

For  example,  the  number 
of  IT  jobs  in  the  U.S.  count¬ 
ed  by  the  National  Associa¬ 
tion  of  Computer  Consul¬ 
tant  Businesses  declined  in 
each  of  the  last  four  months 
of  2008.  The  NACCB,  which 
uses  data  from  the  U.S.  Bu¬ 
reau  of  Labor  Statistics,  said 
its  tally  of  IT  employment 
fell  by  63,000  jobs  from  Au¬ 
gust  to  December  —  a  drop¬ 
off  of  nearly  2%. 

One  IT  executive  at  the 


conference  said  his  com¬ 
pany  has  laid  off  a  small 
number  of  tech  workers 
as  part  of  a  move  to  cut  its 
IT  budget  by  about  10%. 
“The  big  driver  now  is  cost 
management,”  said  the  exec, 
who  asked  not  to  be  identi¬ 
fied.  But  he  added  that  the 
company  hasn’t  canceled 
any  IT  projects  outright. 

To  help  make  up  for  the 
workforce  reductions,  the 
company’s  IT  department, 
which  had  been  structured 
regionally,  is  tapping  staffers 
from  different  parts  of  the 
world  to  work  on  projects. 
And  the  executive  is  trying 
to  keep  employees’  spirits  up 
by  talking  about  the  role  IT 
can  play  in  helping  to  pull 
companies  out  of  the  slump. 
“The  message  I  have  for  my 
team  is,  we  are  part  of  the 
solution,”  he  said. 

Applied  Ma¬ 
terials  Inc.  also 
has  reduced  its 
IT  staff,  said 
Steve  Finnerty, 
vice  president 
of  IT  demand 
management 
at  the  Santa  Clara,  Calif.- 
based  maker  of  semiconduc¬ 
tor  production  equipment 
and  other  goods.  And  while 
Applied  Materials  plans  to 


Steve 

Finnerty 


complete  the  second  phase 
of  an  SAP  project  this  year, 
Finnerty  said  IT  primarily 
is  looking  to  “leverage  what 
we  already  have  in  place.” 

In  the  wake  of  the  cuts, 
Applied’s  IT  execs  are  trying 
to  boost  morale  by  laying  out 
a  road  map  for  when  business 
conditions  improve.  “We’re 
looking  forward,”  Finnerty 
said,  “not  just  hunkering 
down  and  being  fearful.” 

Another  IT  manager  who 
isn’t  hunkering  down  —  at 
least  not  any  more  than 
usual  —  is  Brian  Lurie,  vice 
president  of  IT  at  Stryker 
Orthopaedics  in  Mahwah, 
N.J.  Lurie  said  his  budget  is 
“pretty  stable.” 

Health  care  is  better  off 
than  many  other  industries. 
But  in  keeping  with  parent 
company  Stryker  Corp.’s 
culture,  the  maker  of  surgi¬ 
cal  implants  takes  a  conser¬ 
vative  approach  toward  IT 
even  in  good  times,  Lurie 
said.  And  its  IT  staff  is  lean, 
with  125  people  supporting 
5,000  workers. 

That’s  below  consulting 
firm  Gartner  Inc.’s  recom¬ 
mended  staffing  level.  But, 
Lurie  said,  “we  don’t  find 
ourselves  on  a  hiring-and- 
firing  roller  coaster”  as  eco¬ 
nomic  conditions  change.  ■ 


Cloud  Computing  Not  Ready  for  Critical  Apps 


Educational  Testing  Service 
(ETS),  developer  of  the  SAT  and 
other  tests,  runs  applications 
on  software-as-a-service  plat¬ 
forms  such  as  Salesforce.com. 
And  CIO  Daniel  Wakeman  has 
benchmarked  internal  servers 
against  Amazon.com’s  Elastic 
Compute  Cloud  (EC2)  service. 

Costs  for  both  were  similar, 
and  cloud  computing  services 
like  EC2  would  enable  ETS, 
which  has  a  highly  cyclical  busi¬ 
ness,  to  ramp  its  processing 
capacity  up  or  down  as  needed. 


But  Wakeman  said  he’s  limiting 
the  company’s  cloud  use  to  pilot 
projects  and  development  test¬ 
ing  -  “things  that  don’t  require 
full  levels  of  security.” 

Cloud  computing  vendors 
such  as  Amazon  and  Google 
still  aren’t  ready  to  meet  cor¬ 
porate  IT  needs,  according  to 
Wakeman  and  other  Premier 
100  conference  attendees. 
Security  concerns  topped  the 
list  of  shortcomings,  but  they 
also  cited  reliability,  availability 
and  manageability  issues. 


“I  probably  wouldn’t  put 
anything  mission-critical  in  the 
cloud  now,”  said  Manjit  Singh, 
CIO  at  Chiquita  Brands  Inter¬ 
national  Inc.  Singh  hopes  to  be 
able  to  do  so  eventually,  but  he’s 
also  worried  that  if  he  decided  to 
switch  cloud  providers,  his  data 
might  not  be  returned  to  him  in  a 
recognizable  form  -  raising  the 
specter  of  vendor  lock-in. 

The  U.S.  Defense  Information 
Systems  Agency  is  deploying 
an  internal  cloud  service  for  use 
!  by  the  Department  of  Defense. 


In  the  future,  DISA  CIO  John 
Garing  wants  to  use  external 
services  as  well.  But  if  things 
continue  as  they  are  at  cloud 
vendors,  “we’re  going  to  be  at 
an  impasse,”  Garing  said. 

Martin  Colburn,  chief  tech¬ 
nology  officer  at  the  Financial 
Industry  Regulatory  Authority  in 
Washington,  also  isn’t  ready  to 
put  his  trust  in  cloud  services  . 
Cloud  computing  is  still  in  the 
“innovation  stage,”  he  said, 
adding  that  its  vendors  will  have 
to  be  as  capable  of  withstand:. 

IT  audits  as  outsourcers  a  re; 
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■  NEWS  ANALYSIS 


The  credit  card  company  says 
that  a  recent  warning  to  banks 
referred  to  an  earlier  incident. 

By  Jaikumar  Vijayan 


VISA  and  Mas¬ 
terCard  have 
probably  been 
slow  to  iden¬ 
tify  the  cause 
of  a  breach  that  they  warned 
banks  about  in  mid-February 
because  they  want  to  com¬ 
plete  an  investigation  into  the 
incident,  analysts  say. 

However,  the  lack  of 
candor  sparked  rampant 
speculation  that  a  new, 
major  breach  had  occurred, 
forcing  Visa  to  later  say  that 
the  warning  referred  to  an 
expanded  investigation  of  a 
previously  known  incident. 

The  saga  began  in  mid- 
February,  when  Foster 
City.  Calif. -based  Visa  Inc. 


started  to  quietly  notify 
banks  and  credit  unions 
that  an  unnamed  credit  card 
processing  company  “ex¬ 
perienced  a  compromise  of 
payment  card  account  infor¬ 
mation  from  its  systems.” 

At  the  same  time,  Pur¬ 
chase,  N.Y.-based  Master- 
Card  International  Inc.  con¬ 
firmed  that  it  was  alerting 
card  issuers  of  a  “potential” 
breach  in  which  credit  cards 
“were  determined  to  be 
improperly  accessed  by  an 
unauthorized  party.” 

Although  the  companies’ 
carefully  worded  statements 
didn’t  say  they  were  refer¬ 
ring  to  a  new  intrusion,  they 
also  failed  to  say  that  they 


were  talking  about  a  previ¬ 
ously  disclosed  incident. 

By  the  end  of  February, 

Visa  announced  that  the 
alerts  referred  to  an  earlier 
breach  that  had  turned  out  to 
be  larger  than  first  thought. 

The  credit  card  company 
did  not  identify  the  process¬ 
ing  company  or  say  why  it 
was  continuing  to  keep  its 
name  under  wraps. 

MasterCard  did  not  re¬ 
spond  to  requests  for  com¬ 
ment  on  Visa’s  clarification. 

Prior  to  Visa’s  explana¬ 
tion,  several  users  said  they 
were  convinced  that  a  major 
new  breach  had  occurred. 

Benson  Bolling,  vice 
president  of  lending  at  the 
Alabama  Credit  Union  in 
Tuscaloosa,  said  that  credit 
union  officials  believed  that 
Visa  and  MasterCard  were 
probably  referring  to  a  new 
breach.  He  also  noted  that 
Visa’s  initial  warning  about  a 
“big  breach”  came  shortly  af¬ 
ter  Heartland  Payment  Sys¬ 


tems  Inc.’s  Jan.  20  disclosure 
of  a  massive  intrusion  into  its 
card  processing  systems. 

Advisories  issued  by  the 
Pennsylvania  Credit  Union 
Association  and  Tuscaloosa 
VA  Federal  Credit  Union 
also  implied  that  Visa  and 
MasterCard  were  referring 
to  new  incidents  in  the  mid- 
February  notification. 

Both  Visa  and  MasterCard 
said  early  on  that  the  latest 
notice  did  not  refer  to  the 
breach  at  Heartland,  which 
exposed  some  100  million 
credit  cards  to  hackers. 

Analysts  last  week  sug¬ 
gested  that  the  credit  card 
companies  might  identify  the 
hacked  company  once  they 
determine  what  happened. 

“The  forensics  may  not 
have  turned  up  very  much 
conclusive  evidence,”  said 
Avivah  Litan,  an  analyst  at 
Gartner  Inc.  “The  criminals 
have  gotten  so  good  at  get¬ 
ting  in  and  getting  out,  it 
is  not  easy  to  prove  these 
breaches.  They  can  be  very 
hard  to  detect,  and  [Master- 
Card  and  Visa]  honestly  may 
not  know  what  happened.” 

Jim  Huguelet,  an  indepen¬ 
dent  security  consultant  in 
Bolingbrook,  Ill.,  said  that 
credit  card  companies  “don’t 
want  to  overcommunicate.” 
They  are  probably  looking 
to  investigate  “as  methodi¬ 
cally  as  they  can,”  he  noted. 

However,  he  cautioned 
that  in  such  cases,  people 
“will  start  to  fill  in  the 
blanks”  and  perhaps  come 
to  the  wrong  conclusion. 

Huguelet  did  say  that 
Visa’s  disclosure  that  there 
was  no  new  breach  is  good 
news. 

“Three  in  60  days  or  less 
would  have  been  dishearten¬ 
ing,”  he  said,  noting  that  RBS 
WorldPay  Inc.  in  December 
said  that  a  breach  exposed 
personal  data  of  about 
1.5  million  owners  of  prepaid 
payroll  and  gift  cards.  ■ 
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M  THE  GRILL 


Polycom’s  CEO  talks  about  the 
long-awaited  arrival  of  ‘spooky- 
good’  videoconferencing  and  the 

next  big  thing:  videoconferencing 
on  handhelds. 


Name:  Robert  Hagerty 
Title:  CEO 

Organization:  Polycom  Inc. 

Location:  Pleasanton,  Calif. 

Most  interesting  thing  people 
don’t  know  about  him:  “My 
home  is  totally  solar-powered.” 

In  high  school,  he  was:  “Studi¬ 
ous.  Except  in  French.” 

Favorite  technology:  “Video  -  all 
flavors.  Broadcast  video,  video- 
conferencing,  video  terminals 
. . .  video  everything.  I’ve  worked 
in  video  my  whole  career.” 

Favorite  vice:  Fast  cars 

Pet  peeve:  “Not  meeting  quota.” 


Videoconferencing  is  available  for 
desktops  and  even  through  specially 
designed  rooms  called  telepresence 
systems,  but  on  wireless  handhelds? 
According  to  Robert  Hagerty,  who  has 
been  CEO  of  Polycom  Inc.  for  10  years,  it 
could  be  widely  available  soon. 

Polycom  has  just  had  a  record  year  for 
revenue.  Why  has  it  taken  videoconferenc¬ 
ing  so  long  to  arrive?  We  have  a  great 
value  proposition  with  video  commu¬ 
nications,  and  it  has  taken  a  long  time 
in  coming.  Originally,  we  were  hobbled 
by  a  telephony  infrastructure  that  ran 
on  ISDN,  but  now  it  is  on  Internet  Pro¬ 
tocol.  You  can’t  believe  how  incredibly 
good  the  video  quality  is  today.  We  at 
Polycom  offer  anything  from  desktop  to 
PC  to  video  that  runs  on  phones  to  tele¬ 
presence,  all  seamlessly  built  and  high- 
definition.  It’s  spooky-good  video.  You 
could  take  a  penny  and  show  Lincoln  as 
he  sits  in  the  Lincoln  Memorial  on  the 
back.  That’s  how  good  it  is.  The  integra¬ 
tion  with  other  phone  and  desktop  com¬ 
munications  has  also  leapfrogged. 

Is  the  value  proposition  about  saving  on 
business  travel?  At  Polycom,  we  have 
video  for  anybody  who  wants  it,  and 
that’s  up  to  2,000  people  in  our  work¬ 
force.  The  value  proposition  is  there, 
our  travel  budgets  are  less,  and  we’re 
not  spewing  carbon  from  planes  or 

Continued  on  page  20 
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The  Computerworld  Inner  Circle  Research  Panel  was  established  as  a  way 
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for  members  of  the  IT  community  to  share  information  and  gain  insight  into 
various  technology  topics,  including  new  initiatives  and  top  issues  faced  by 
IT  professionals  and  executives. 

Inner  Circle  panel  members  get  exclusive  access  to  results  of  the  surveys 
on  the  panel  site  at;  www.computerworldinnercircle.com,  and  are  eligible  for 
some  nice  cash  and  prize  giveaways  for  their  participation.  We  look  forward  to 
hearing  your  input! 

Join  for  Free! 

To  register  as  a  panel  member,  visit  www.computerworld.com/haic 


COMPUTERWORLD 


INNER  CIRCLE 

RESEARCH  PANEL 


■  THE  GRILL  ROBERT  HAGERTY 


Voice-only  will 
be  a  rarity  on  a 
wireless  hand¬ 
held,  and  videoconfer¬ 
encing  will  be  the  norm, 
sometime  in  the  not- 
too-distant  future. 


Continued  from  page  18 
driving  or  in  a  cab.  The  productivity 
level  is  much  higher.  I  can  meet  eight 
to  10  customers  a  day  on  videoconfer¬ 
ence,  and  I  have  great  meetings  in  high 
definition,  face  to  face. 

When  will  videoconferencing  be  avail¬ 
able  on  wireless  handhelds?  We  have 
videoconferencing  solutions  working 
over  3G  networks  with  Ericsson  in  Italy, 
running  on  the  Palm.  It’s  live  TV,  a  live 
videoconferencing  hook  through  our 
enterprise  network  and  through  3G  and 
into  the  backbone,  which  connects  a 
person  to  the  office  so  they  can  talk  on  a 
handheld.  It  looks  great,  but  it’s  not  high 
definition.  You  can  get  high-definition 
videoconferencing  on  a  PC.  It  easily 
downloads.  We’re  doing  it  over  Wi-Fi, 


too,  so  people  sitting  in  airports  can 
be  on  videoconference  calls  with  their 
laptops  while  they  are  waiting.  That’s 
live  videoconferencing  in  high  def.  It’s 
a  full  30  frames  a  second,  depending 
on  the  network.  That’s  TV  quality. 

How  big  will  videoconferencing  on  hand¬ 
helds  be?  As  videoconferencing  mi¬ 
grates  from  a  niche  technology  to  the 
mainstream  in  the  enterprise,  you’ll 
want  videoconferencing  for  everyone, 
everywhere.  It’s  a  huge  thing.  It’s  part 
of  a  wave  that’s  starting  to  crest  and 
affecting  everyone.  To  be  provocative, 
I’d  say  voice-only  will  be  a  rarity  on  a 
wireless  handheld,  and  videoconfer¬ 
encing  will  be  the  norm,  sometime  in 
the  not-too-distant  future. 

I  can  see  some  drawbacks  to  that.  The 

handheld  does  have  the  issue  that 
holding  it  with  a  hand  means  it’s  not  a 
steady  camera  image.  The  image  needs 
to  be  higher  than  most  people  work¬ 
ing  on  a  handheld  provide,  since  you’ll 
be  looking  up  somebody’s  nose  if  you 
aren’t  careful.  We’ve  developed  video 
products  for  this,  and  the  camera  angle 
is  important.  The  early  videophones 
generally  had  the  screens  too  low,  so 
the  camera  looked  up  your  nose.  Also, 
the  video  can  be  a  little  like  the  video 
from  The  Blair  Witch  Project,  with  the 
moving  images,  with  the  handheld 
moving  up  to  the  head,  to  the  eye. 

So  you  have  researchers  looking  into 
this?  Yes,  we  have  600  people,  nearly 
one-third  of  the  company,  in  research 
and  development,  and  some  are  busy 
researching  and  building  gateways 
to  the  handheld.  We  never  make  the 
phones,  but  they  will  require  lots  of 
processing  power  for  video.  As  the  net¬ 
works  get  more  bandwidth,  any  of  the 
new  smartphones  will  work. 

There  are  several  major  companies, 
including  Cisco,  offering  videoconferenc¬ 
ing  products,  some  of  them  telepresence 
systems.  How  are  you  distinguishing 
yourselves  from  them?  The  industry  is 
moving  faster  and  faster,  yes.  We  want 
to  create  a  very  immersive  experience, 
the  most  immersive  in  the  world  with 
telepresence.  We  want  you  to  feel  like 
you  are  in  the  room  with  the  other  per¬ 
son.  We’re  pushing  for  something  big¬ 


ger,  something  beyond  high  definition. 
The  other  consideration  we  address 
is,  how  much  of  an  available  pipe  can 
your  organization  provide?  The  home 
office  couldn’t  really  deliver  videocon¬ 
ferencing  quality  over  cable  or  DSL, 
because  there  was  not  enough  band¬ 
width.  Now,  with  algorithms,  we  have 
the  unique  ability  to  detect  lost  packets 
and  create  beautiful  video.  We  excel  at 
that  and  will  continue  to  challenge  the 
industry  on  how  to  create  ease  of  use 
and  get  more  picture  for  less  money. 

Your  sales  of  traditional  voice  products 
have  declined  recently,  so  is  there  a 
shift  from  voice  to  video?  Voice  over  IP 
is  more  challenging,  and  people  are 
delaying  on  those  purchases.  We’ve 
found  that  people  might  already  have 
a  phone  and  [don’t  need]  a  new  one. 
There’s  nowhere  near  the  return  on 
investment  from  VoIP  compared  to 
videoconferencing. 

So,  what  is  the  videoconferencing  ROI? 

The  ROI  varies  depending  on  the 
travel  a  company  does,  but  from  the 
reduced  carbon  footprint  and  dollars 
saved  on  travel,  the  return  on  invest¬ 
ment  is  six  months.  Our  team  found 
the  ROI  was  265%  in  the  first  year. 

People  seem  to  do  any  kind  of  meeting  in 
telepresence,  but  are  there  some  things 
you  would  never  do,  like  fire  somebody 
over  telepresence?  We  do  performance 
reviews  over  videoconference,  and 
people  love  it.  That’s  performance  re¬ 
views,  not  layoffs. 

How  does  2009  look  for  your  company 
and  the  videoconferencing  industry?  We’ll 
see  double-digit  growth  in  video  rev¬ 
enues,  but  not  at  the  level  of  2008.  It’s 
a  growth  year,  and  we  expect  the  voice 
division  to  pull  through.  The  analysts 
haven’t  really  finished  their  2009  fore¬ 
casts. 

How  much  of  a  threat  is  Cisco,  given  how 
it  seems  to  enter  markets  and  conquer 
them?  We  still  have  the  largest  number 
of  installed  units  in  videoconferencing 
deployed,  about  650,000  globally.  The 
noise  Cisco  is  making  is  a  net  gain  for 
our  industry.  We  welcome  competi¬ 
tion,  but  we  think  we  outplay  them. 

—  Interview  by  Matt  Hamblen 
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OPINION 


Steven }.  Vaughan-Mchols 

The  Google  OS  Is 
Coming  by  Year’s  End 


IT’S  NOT  NEWS  that  Microsoft  will  get  Windows  7  out 
as  fast  as  possible  this  year.  Vista  has  been  a  complete 
dog,  so  Microsoft  will  rush  to  deliver  what  is  essentially 
a  cleaned-up,  lightweight  version.  What  is  news  is  that 
Google  will  have  its  own  contender  for  desktop  operating 
system  king:  Android. 


Android,  you  ask?  What 
would  a  Linux-based 
phone  operating  system  be 
doing  on  the  desktop?  Run¬ 
ning  it,  perhaps.  You  see, 
Matthaus  Krzykowski  and 
Daniel  Hartmann,  found¬ 
ers  of  start-up  Mobile- 
facts,  discovered  late  last 
year  that  Android  has  two 
product  policies  in  its  code. 
Product  policies,  they  ex¬ 
plained,  are  instructions  in 
an  operating  system  aimed 
at  specific  uses.  Android’s 
two  policies  are  phones 
and  MIDs  (mobile  Internet 
devices).  You  probably 
know  MIDs  by  their  more 
popular  name:  netbooks. 

The  light  begins  to 
dawn,  doesn’t  it?  But  just 
because  a  program  says  it 
can  do  a  job  doesn’t  mean 
it  can  actually  deliver  the 
goods.  Recall,  for  example, 
just  how  well  Vista  ran  on 
“Vista  Capable”  PCs. 

So,  Krzykowski  and 
Hartmann  decided  to  see 
if  they  could  get  Android 


to  work  on  a  netbook. 

It  took  them  about  four 
hours  to  compile  Android 
for  an  Asus  Eee  PC  1000H. 
Then,  they  reported  on 
VentureBeat.com,  “we  got 
the  netbook  fully  up  and 
running  on  it,  with  nearly 
all  of  the  necessary  hard¬ 
ware  you’d  want  —  includ¬ 
ing  graphics,  sound  and 
wireless  card  for  Internet.” 
In  other  words,  Android  is 
already  a  desktop  operat¬ 
ing  system. 

OK,  but  that  doesn’t 
mean  anyone  is  actually 
going  to  build  and  sell 
Android-powered  com¬ 
puters,  does  it?  Yes,  that’s 
exactly  what  it  means. 

In  an  interview  with 
Bloomberg  News,  Samson 
Hu,  chief  of  Asus’  Eee  PC 
business,  said  Asus  has 

■  What  would  a 
mobile  phone  oper¬ 
ating  system  do  on 
the  desktop?  Run  it. 


assigned  engineers  to  de¬ 
velop  an  Android-based 
netbook  by  the  end  of  the 
year  —  though  he  said  it 
hasn’t  decided  whether  to 
ship  such  a  product. 

But  in  this  economy, 
would  any  company  waste 
expensive  engineering 
on  a  project  that  might 
not  ship?  I  don’t  think  so. 
Android  makes  sense  for 
Asus,  which  has  already 
shown  a  willingness  to 
back  a  Linux  maverick. 

As  for  applications,  the 
wide  array  of  open-source 
software  that  all  Linux 
distributions  share  would 
be  available,  but  so  would 
Google’s  Chrome  Web 
browser  and  its  wealth  of 
Web-based  applications. 
You  can  bet  those  are  go¬ 
ing  to  work  very  well  with 
Android/Chrome. 

I’m  sure  Asus  won’t 
be  alone  in  adopting  An¬ 
droid.  According  to  Bar¬ 
clays  Capital  analyst  Is¬ 
rael  Hernandez,  netbooks 


are  the  one  bright  spot  in 
the  PC  market.  Android 
just  makes  them  cheaper 
and  more  profitable. 

I  put  it  to  you:  If  you 
were  in  charge  of  a  com¬ 
puter  company  in  a  lousy 
market,  and  one  of  your 
choices  was  to  invest 
more  in  the  one  product 
line  that’s  showing  signs 
of  life,  would  you  do  it?  If 
you  had  a  choice  between 
paying  a  considerable 
chunk  of  cash  for  Win¬ 
dows  and  a  lesser  sum 
for  Android,  what  would 
you  do?  Before  answer¬ 
ing  those  questions,  you’d 
have  to  decide  whether 
people  would  be  willing 
to  buy  something  other 
than  Windows.  Most 
haven’t  been,  but  when 
the  alternative  is  from 
Google,  which  is  now  as 
well  known  as  Micro¬ 
soft,  there’s  a  real  chance 
things  could  be  different. 

I  predict  that  by  De¬ 
cember,  we’ll  see  not  only 
Asus  selling  Android- 
based  netbooks,  but  at 
least  a  half-dozen  other 
vendors  doing  so  as  well. 
In  bad  times,  businesses 
have  to  be  smart,  and 
Android  on  netbooks  is  a 
smart  move  indeed.  ■ 
Steven  J.  Vaughan-Nichols 
has  been  writing  about 
technology  and  the  busi¬ 
ness  of  technology  since 
CP/M-80  was  cutting-edge 
and  300bit/sec.  was  a  fast 
Internet  connection  — 
and  we  liked  it!  He  can  be 
reached  at  sjvn@vnal.com. 
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ARON  YU  wants  to  share 
his  enthusiasm  for  Kiva, 
a  nonprofit  microfi¬ 
nancing  organization. 
He  sees  Facebook  as  a 
prime  way  to  do  that. 

But  instead  of  posting 
his  own  notes  or  linking 
to  Kiva’s  Web  site,  Yu 
is  tinkering  with  Kiva’s 
latest  tech  tool  —  its  API  —  to  find  the 
best  way  to  bring  Kiva’s  message  to 
Facebook  Inc.’s  social  networking  site. 

“It  opens  up  another  channel  for 
evangelism,  or  advertising,  so  you’re 


able  to  get  more  people  involved.  It 
leverages  the  community,”  he  says. 

Kiva  released  its  API,  or  application 
programming  interface,  on  Feb.  3  after 
five  months  of  wor  k.  Kiva’s  IT  team 
says  the  release  allows  tech-savvy 
supporters  to  develop  more  ways  to 
interact  with  the  organization  online 
that  will  help  it  expand  its  reach.  “If 
we  can  empower  other  developers  who 
are  passionate  about  what  we’re  doing, 
that  would  be  very  powerful.  It  would 
help  us  reach  more  people  than  what 
we  can  do  with  the  in-house  staff,” 
says  Skyiar  Woodward,  director  of 
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Kiva’s  developer  program. 

Although  it’s  not  a  tech  company 
in  the  traditional  sense,  Kiva  exists 
solely  because  of  technology  and  is 
expanding  thanks  to  IT  innovations. 
Moreover,  it’s  doing  all  this  without 
pouring  millions  of  dollars  into  its  IT 
operations.  From  the  start,  innovation 
and  efficiency  have  defined  how  Kiva 
would  achieve  its  mission,  making  it  a 
model  for  doing  more  with  less  amid 
today’s  economic  challenges. 

“We  would  not  be  able  to  be  Kiva 
without  technology,”  says  Jeremy 
Frazao,  director  of  technology.  “But 


at  the  beginning,  we  had  nothing,  and 
we  had  to  figure  out  how  to  make  Kiva 
happen.  That  scarcity  mentality  has 
been  the  driving  force.  So  by  necessity, 
we’re  at  the  forefront.  We’re  looking  at 
the  people  doing  the  coolest  things  and 
asking,  ‘How  can  we  do  that,  too?’  ” 

BEGINNINGS 

Here’s  how  Kiva  works:  Entrepreneurs 
in  developing  countries  work  with 
microfinancing  institutions  (MFI)  to 
put  photos  and  information  about  their 
business  plans  and  financing  needs 
onto  Kiva’s  Web  site.  Investors,  most  of 


whom  come  from  the  U.S.,  can  review 
that  information  at  Kiva.org  and  lend 
to  the  specific  individuals  they  want  to 
support.  The  entrepreneurs  then  repay 
the  loan,  and  Kiva  returns  the  money  to 
the  investors.  Kiva  officials  say  most  in¬ 
vestors  choose  to  reinvest  repayments 
Inspired  by  his  wife’s  work  with 
businesses  in  East  Africa,  Matt  Flan¬ 
nery  started  Kiva  in  2004. 

As  a  child,  he  and  his  family  had  spon 
sored  impoverished  children  through 
various  charities,  and  he  found  that 
receiving  information  about  the  young 
Continued  on  pa y  ■  1- 
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Outsourcing  from  Accenture  doesn't  merely 
improve  the  economics  of  a  business.  It 
improves  performance  as  well.  Drawing  on 
insights  from  more  than  650  outsourcing 
engagements  in  more  than  100  countries,  we 
can  manage  processes  more  productively,  and 
more  in  tune  with  your  business  objectives. 
It’s  not  just  collaboration.  It's  harmony. 


Business  Process  Outsourcing 

•  Customer  Contact 

•  Finance  and  Accounting 

•  Human  Resources 

•  Learning 

•  Sourcing  and  Procurement 

•  Industry-specific  Services:  Airlines,  Insurance, 
Health,  Pharmaceuticals,  Utilities  and  more 


Application  Outsourcing 

•  Application  Development 

•  Enhancements  and  Upgrades 

•  Application  Maintenance  and  Support 

•  Testing  Services 

•  Capacity  Services 


Infrastructure  Outsourcing 

•  IT  Spend  Management 

•  Data  Center  Services 

•  Service  Desk 

•  Security  Services 

•  Network  Services 

•  Workplace  Services 
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Visit  accehture.com/outsourcing 
•  Consulting  •  Technology  •  Outsourcing 
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HALCHANDER  VISHWANATH 

plans  to  operate  in  the  global  financial 
j  markets,  and  for  a  mere  $5,000  cash 
investment,  he  has  a  pretty  good  shot. 

Vishwanath  is  the  founder  and  CEO  of  United 
Prosperity,  which  plans  to  raise  money  from  indi¬ 
viduals  to  guarantee  the  microcredit  loans  banks 
make  to  impoverished  entrepreneurs.  Contribu¬ 
tors  will  make  pledges,  and  they’ll  get  their  money 
back  when  entrepreneurs  repay  their  loans. 

As  one  can  imagine,  there’s  not  a  lot  of  funding 
available  for  a  start-up  nonprofit  that’s  helping  to 
serve  the  poor.  So  Vishwanath  and  executives  at 
similar  organizations  have  to  make  every  penny 
count.  They  do  that  by  using  technology  to  mini¬ 
mize  costs  while  maximizing  reach. 

Not  long  ago,  this  business  model  would  have 
been  impossible.  Now,  though,  it's  clear  that  tech¬ 
nology  has  built  a  new  sector  within  the  world  of 
microfinance  -  and  it’s  proving  that  small  budgets 
can  yield  big  gains  with  the  help  of  high  technology. 

“We  consider  technology  as  an  integral  part 
of  our  future,  for  our  visibility  and  for  our  donors 
to  have  a  great  experience,”  says  Kristin  Houk, 
president  of  NamasteDirect  in  San  Francisco. 

NamasteDirect  raises  money  to  make  micro¬ 
credit  loans  to  poor  women  in  Guatemala.  The 
organization  collects  donations  through  various 


avenues,  and  it  has  found  that  online  fundraising 
costs  a  fraction  of  what  traditional  methods  cost, 
Houk  says.  Other  IT  initiatives  have  also  enabled 
the  organization  to  achieve  high-level  goals  on 
shoestring  budgets.  For  example,  NamasteDirect 
used  volunteers  to  build  an  e-card  system  that 
costs  nothing  to  run  and  generates  “a  ton  of  traf¬ 
fic  to  our  Web  site,”  Houk  says. 

Researchers  expect  interest  and  investments 
in  microfinancing  to  grow  significantly  in  coming 
years.  A  December  2007  report  by  Deutsche  Bank 
Research  predicts  that  U.S.  institutional  and  indi¬ 
vidual  investments  in  microfinancing  will  jump  from 
$2  billion  in  2006  to  $20  billion  in  2015. 

“To  raise  that,  you  need  a  really  scalable  solu¬ 
tion,”  says  Ashwini  Narayanan,  general  manager 
of  MicroPlace  Inc.,  a  for-profit  enterprise  owned 
by  eBay  Inc. 

Narayanan  says  when  MicroPlace  started  three 
years  ago,  its  IT  group  decided  to  build  out  from 
scratch  using  Ruby  on  Rails  and  an  agile  develop¬ 
ment  method  to  enable  a  quick  launch  at  a  lower 


cost  than  what  would  have  been  possible  with 
other  technologies  and  development  methods. 

IT  is  also  driving  cost-effective  innovations  on  the 
back  end,  says  George  Conard,  executive  director 
of  the  Seattle-based  Mifos  Initiative. 

Part  of  the  Grameen  Foundation,  a  microfinanc¬ 
ing  institution  headquartered  in  Washington,  D.C., 
Mifos  builds  open-source  financial  software  for 
MFIs.  That  helps  ensure  that  they  have  the  flexible, 
supportable  platforms  they  need  to  scale  up,  says 
Conard,  noting  that  many  MFIs  are  still  using  pen 
and  paper  to  manage  tens  of  thousands  of  loans. 

Conard  sees  more  tech-driven  innovations  on  the 
horizon.  For  example,  he  says,  some  MFIs  want  to 
deploy  customized  handhelds  that  use  biometrics 
to  identify  borrowers  who  don't  have  any  ID. 

And  as  in  any  business,  the  IT  investments  of 
microfinance  organizations  show  significant 
returns,  Conard  says.  “When  you  automate,  your 
transaction  costs  can  go  down,  but  more  impor¬ 
tant,  you  gain  insight  into  the  business  -  what 
products  work  and  what  don’t  -  so  you  can  better 
target  resources,”  he  says.  “And  then  they  can 
look  at  social  impact.  We  can  see  financial  per¬ 
formance  but,  more  crucially,  how  it’s  impacting 
client  lives.  Those  are  some  of  the  transformative 
changes  that  technology  can  provide.” 

-  MARY  K.  PRATT 


IT  If  we  can  empower 
H  other  developers  who 
are  passionate  about  what 
we’re  doing,  that  would  be 
very  powerful. 

SKYLAR  WOODWARD, 

DIRECTOR.  DEVELOPER  PROGRAM 


Continued  from  page  23 
sters  “really  opened  my  mind  up  to  the 
fact  that  I  could  connect  with  them  and 
converse  with  them  and  relate  to  them.” 

Flannery  says  he  knew  that  tra¬ 
ditional  mailings  and  solicitations 
wouldn’t  work  for  Kiva  —  they  would 


be  too  time-consuming,  overhead¬ 
intensive  and  expensive  —  so  he  focused 
on  online  operations.  “What  we’ve  found 
from  the  beginning  is  that  it  worked 
fine,  and  it  was  cheap,”  he  says. 

Kiva  raised  $1.9  million  in  loan  funds 
in  2006,  its  first  full  year  of  operation, 
and  ran  on  a  budget  of  $175,000  that  year. 

Like  any  start-up,  Kiva  had  to  grow  its 
IT  operations  as  the  business  expanded. 
But  it  had  unique  challenges:  It  had  to 
scale  its  own  IT  infrastructure  and  do 
the  same  for  its  partner  MFIs,  most  of 
which  operate  in  areas  with  limited  in¬ 
frastructure  and  support  services. 

Yet,  as  a  nonprofit,  Kiva  couldn’t 
access  the  kind  of  capital,  such  as  ven¬ 
ture  funding,  that  often  finances  early- 
stage  companies.  Its  capital  came  from 
donations  and  grants. 

Flannery  says  that  has  required 
some  sacrifices.  “If  we  were  a  VC- 
backed  company,  we’d  have  an  engi¬ 
neering  team  of  25  by  now,”  he  says. 
Without  that  level  of  funding  and 
manpower,  Kiva  has  to  be  more  careful 
about  prioritizing  its  IT  needs,  and  it 
adds  only  a  few  new  features  each  year 
as  resources  allow. 


“I’m  not  complaining;  we’ve  done  a 
lot.  And  we’ve  been  able  to  do  a  lot  be¬ 
cause  of  the  great  efficiencies  created 
by  technology,”  Flannery  says. 

Kiva  has  managed  to  grow  without  a 
big  infusion  of  cash.  It  now  has  35  staff 
members,  nine  of  whom  are  IT  work¬ 
ers.  Its  annual  budget  for  2008  was 
$4.1  million,  which  supported  opera¬ 
tions  that  sent  $36  million  in  loans  to 
poor  entrepreneurs  around  the  globe. 

Its  technology  spending  has  gone 
from  about  $18,000  in  2006  (when  two 
employees  earned  a  combined  total  of 
just  $14,200)  to  $937,000  in  2008  (of 
which  $776,000  paid  the  salaries  of 
eight  IT  workers). 

Even  with  last  year’s  IT  budget  of  just 
$161,000  after  salaries,  Kiva  managed 
to  implement  an  array  of  tech-driven 
features  that  enable  partner  MFIs, 
entrepreneurs  and  investors  to  access 
and  share  information  more  quickly. 

Woodward,  who  joined  Kiva’s  staff 
in  September  but  has  been  a  friend  to 
the  team  and  a  volunteer  from  the  start, 
cites  the  organization’s  willingness  to 
use  existing  innovations  for  its  success. 

For  example,  Kiva  uses  PayPal  to 
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MWe  would  not  be  able 
to  be  Kiva  without 
technology. 

JEREMY  FRAZAO, 

DIRECTOR  OF  TECHNOLOGY 

move  money  around,  and  that  has 
proved  to  be  “even  easier  than  credit 
cards”  and  cost-effective,  he  says.  (Pay¬ 
Pal  Inc.  donates  its  services,  allowing 
Kiva  to  send  100%  of  the  money  pledged 
for  loans  to  the  entrepreneurs,  accord¬ 
ing  to  Kiva  officials.) 

Moreover,  the  Internet  makes  it  pos¬ 
sible  for  Kiva  to  find  and  organize  volun¬ 
teer  translators  and  editors.  And  social 
networking  sites  have  enabled  the  orga¬ 
nization  to  build  recognition  without 
massive  investments  in  IT  infrastruc¬ 
ture  or  marketing,  Woodward  says. 

And  now,  Kiva  has  launched  its  API, 
leveraging  the  talents  of  technologists 
who  want  to  develop  new  ways  of  inte¬ 
grating  Kiva  into  online  venues  such  as 
blogs  or  Facebook  pages.  “We’re  going 
to  encourage  people  to  work  with  the 
API  and  give  feedback  on  what  works 
and  what  doesn’t,”  Woodward  says, 
noting  that  the  goal  is  to  add  more  fea¬ 
tures  to  the  application  to  enable  more 
customizing  and  more  interaction  with 
the  entire  Kiva  enterprise. 

For  example,  he  says,  a  blogger  who 
writes  about  Cambodia  could  use  the 
API  to  direct  readers  to  loan  requests 
that  Cambodian  businesses  have  post¬ 
ed  on  Kiva. 

JOB  1:  EFFICIENCY 

While  Woodward  has  looked  to  the  out¬ 
side  IT  community,  Frazao  has  focused 
inward,  finding  ways  for  Kiva’s  IT  unit 
to  foster  greater  operational  and  fiscal 
efficiencies.  “All  our  decisions  are  cen¬ 
tered  around  those  two  things,”  he  says. 


His  team  spent  most  of  2008  rework¬ 
ing  the  partner  interface  —  the  back¬ 
end  operations  that  investors  don’t  see 
and  that  allow  the  MFIs  to  interact 
with  Kiva’s  systems. 

“It’s  about  making  our  site  load 
much  faster,  making  it  interface  with 
video  and  cameras,  making  it  easier 
to  work  from  a  place  like  Cambodia  or 
Uganda,”  Flannery  says. 

The  MFIs  were  spending  an  inordi¬ 
nate  amount  of  time  waiting  for  Web 
sites  to  load,  Frazao  says.  (Remem¬ 
ber,  they’re  working  in  developing 
countries  where  reliable,  high-speed 
connections  aren’t  the  norm.)  Some 
workers  were  spending  90  minutes  to 
upload  information  for  just  one  entre¬ 
preneur’s  loan  request,  and  any  tele¬ 
communications  hiccup  would  cause 
the  whole  upload  to  be  lost. 

So  Kiva’s  IT  group  rewrote  the  in¬ 
terface  to  speed  up  the  process  and  to 
protect  information  from  being  lost 
during  a  disconnection,  Frazao  says. 
They  cut  the  time  it  takes  to  upload  a 
loan  request,  including  an  image,  from 
a  high  of  90  minutes  to  just  15.  The 
interface  automatically  saves  informa¬ 
tion  once  workers  complete  a  field,  so 
they  don’t  lose  all  their  work  if  a  con¬ 
nection  is  dropped. 

The  IT  staff  also  reworked  the  way 
investors  are  repaid.  Previously,  inves¬ 
tors  who  loaned,  for  example,  $25  for 
10  months  would  have  to  wait  the 
entire  10  months  to  get  repaid.  Now 
investors  are  repaid  incrementally  as 
entrepreneurs  pay  back  their  loans. 

It  might  seem  unimportant,  Frazao 
says,  but  when  investors  see  that  they 
have  money  lying  fallow,  they  tend  to 
reinvest  it  —  often  topping  off  the  re¬ 
payment  amount  with  more  money. 

“The  day  we  released  that  code 
—  it’s  called  ‘liquid  repayments’  —  in 
August  last  year,  we  flooded  the  sys¬ 
tem  with  $10  million,  and  that  was  the 
single  biggest  day  we  had,”  he  says. 

In  fact,  Kiva’s  success  has  occasional¬ 
ly  gotten  the  best  of  it.  There  have  been 
times  when  the  volume  of  contributions 
temporarily  outpaced  the  rate  at  which 
new  loan  requests  could  be  posted,  re¬ 
quiring  would-be  funders  to  wait. 

In  the  future,  Kiva  will  be  less  likely 
to  encounter  such  delays,  since  MFIs  in 
the  field  will  be  able  to  post  new  loans 
more  quickly,  thanks  to  the  improve¬ 


ments  Kiva’s  IT  staff  has  been  making. 

Kiva’s  internal  IT  group  can’t  take  all 
the  credit  for  its  successes,  though.  The 
organization’s  leaders  freely  acknowl¬ 
edge  that  they  use  commercial  technolo¬ 
gy  for  the  sake  of  cost  and  functionality. 

For  example,  Frazao  says  he  switched 
in  mid-2007  from  maintaining  Kiva’s 
own  server  to  using  Amazon.com  Inc.’s 
Simple  Storage  Service  (S3).  There’s  no 
immediate  cost  savings,  but  because 
S3  is  infinitely  scalable,  Kiva  will  never 
run  out  of  space,  and  it  will  be  able  to 
create  future  capacity  without  a  big 
capital  outlay.  Moreover,  by  outsourc¬ 
ing  this  function,  the  in-house  staff  can 
focus  on  delivering  technologies  that 
support  Kiva’s  core  mission. 

An  individual  donor  gave  Kiva  40 
Flip  video  cameras  from  Pure  Digital 
Technologies  Inc.,  and  Kiva  is  encour¬ 
aging  partners  to  take  videos,  which 
it’s  uploading  on  its  Web  site  using 
YouTube  APIs.  “We  want  video  all  over 
the  site,”  Flannery  says.  “It  might  help 
us  overcome  some  of  the  language  bar¬ 
riers.  If  you  can’t  write,  maybe  you  can 
make  a  video  that  connects  people.” 

Frazao  says  building  on  YouTube 
LLC’s  interfaces  required  no  money  and 
just  a  week’s  worth  of  work  from  a  four- 
person  Kiva  team.  “We’re  thrilled  that 
YouTube  has  done  all  the  work  for  us,” 
he  explains.  “To  do  this  without  You¬ 
Tube  would  be  a  massive  undertaking.” 

In  fact,  Frazao  says,  that’s  typical  of 
the  approach  that  keeps  Kiva  lean  yet 
still  on  the  leading  edge  of  technology. 
“We’re  asking  what’s  the  fastest,  easi¬ 
est  way  to  get  something  done.  And  it 
[often]  happens  to  be  something  that  a 
lot  of  people  are  working  on,”  he  says. 

Despite  Kiva’s  impressive  growth, 
Flannery  admits  that  he  has  accom¬ 
plished  only  about  5%  of  what  he’d  like 
to  do.  “We’re  not  growing  like  a  VC- 
backed  company  that  gets  $10  million  all 
upfront,  so  there  are  so  many  things  we 
want  to  do  that  we  haven’t  been  able  to 
do  yet.  We  have  to  prioritize,”  he  says. 

But  the  good  news,  Flannery  says,  is 
that  such  organic  growth  creates  a  lean 
operation,  because  there’s  no  room  for 
extra  expenses  that  don’t  produce  results. 

That’s  an  approach  pretty  much 
everyone  can  appreciate  today.  ■ 

Pratt  is  a  Computerworld  contributing 
writer  in  Waltham,  Mass.  Contact  her  at 
marykpratt@verizon.net. 
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■  VIRTUALIZATION 


Server 
Jization 


SERVER  VIRTUALIZATION  through  the  use  of  software 
products  such  as  VMware  has  been  implemented  to 
varying  degrees  in  corporate  IT,  with  some  successful 
and  some  not-so-successful  outcomes.  This  year,  the 
virtualization  trend  promises  to  continue  apace. 

How  much  do  you  know  about  the  benefits,  limita¬ 
tions  and  drawbacks  of  server  virtualization?  Take 
this  quiz  to  see  how  your  understanding  compares  with  that  of 
the  experts  —  and  gain  some  food  for  thought  as  you  contemplate 
whether  and  where  to  use  virtualization. 


10n  a  particular  server, 

within  each  virtual  machine: 

{a]  You  can  run  any  version  of 
Windows  without  regard  for 
the  version(s)  running  in  the  other  vir¬ 
tual  machines. 

[b]  The  versions  of  Windows  must  be 
no  more  than  one  release  apart. 

[cl  The  versions  of  Windows  must  be 
exactly  the  same. 


On  a  particular  server: 

[a]  You  can  reboot  a  virtual 
machine  without  it  having 
any  effect  on  the  other 
!  virtual  machines. 

[bl  If  you  reboot  one  virtual  machine, 

1  all  the  other  virtual  machines  reboot  at 
the  same  time. 

[cl  If  you  need  to  reboot  one  virtual 
machine,  you  have  to  first  reboot 


the  physical  server.  The  individual 
virtual  machines  then  reboot  auto¬ 
matically  when  the  physical  machine 
reboot  is  finished. 


When  choosing  which  applica¬ 
tions  or  databases  to  place  on 
one  physical  machine  -  using  a 
virtual  machine  for  each  appli¬ 
cation  -  it  is  best  to: 

[al  Choose  a  mixture  of  applications 
and  databases  with  different  workloads 
(some  light,  some  heavy). 

[bl  Keep  all  the  heavy-workload  ap¬ 
plications  and  databases  together  and 
all  the  light-workload  applications  and 
databases  together. 


Server  virtualization  and  the 
use  of  blade  servers  are: 

[al  Technically  incompatible, 
[bl  Technologies  that  should 
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be  combined  with  caution  to  avoid  put¬ 
ting  too  many  eggs  in  one  basket. 

[c]  Technologies  that  should  be  used 
together  whenever  possible. 


5  The  introduction  of  server  virtu¬ 
alization  in  a  data  center: 

[a]  Will  make  the  introduc¬ 
tion  of  a  storage-area  network 
(SAN)  absolutely  necessary. 

[b]  Will  make  the  introduction  of  a 
SAN  desirable. 

[c]  Will  not  materially  change  storage 
requirements. 


6  When  it  comes  to  avoiding 
major  outages,  the  use  of 
server  virtualization: 

[a]  Reduces  the  frequency  of 
hardware-related  service  outages. 

[b]  Has  no  material  impact. 

[c]  Requires  that  levels  of  redundancy 
be  increased  to  avoid  an  increase  in 
outages  affecting  multiple  applications 
or  services. 


7  When  deciding  on  the  placement 
of  development,  testing/QA  and 
production  instances  of  applica¬ 
tions  and  databases: 

[a]  You  can  (and  generally  should) 
use  virtualization  to  put  the  three  in¬ 
stances  of  an  application  or  a  database 
on  the  same  physical  server  so  that  the 
development  and  test  environments 
are  an  accurate  reflection  of  the  even¬ 
tual  production  environment. 

[b]  You  should  dedicate  physical  ma¬ 
chines  to  hosting  each  type  of  instance 
so  that  the  three  types  are  not  on  the 
same  server,  to  make  it  easier  to  secure 
the  production  environment. 

[c]  It  really  doesn’t  matter  where  you 
place  the  different  types  of  instances. 


8  In  a  virtualized  server  environ¬ 
ment,  compared  with  a  tradi¬ 
tional  server  environment: 

[a]  It  is  easier  to  keep  track  of 
software  licensing. 

[b]  Tracking  software  licensing  is  nei¬ 
ther  materially  easier  nor  harder. 

[c]  It  is  significantly  harder  to  keep 
track  of  software  licensing. 


9  The  introduction  of  server 

virtualization  in  a  data  center: 

[a]  Will  make  security  man¬ 
agement  easier. 

[b]  Will  have  no  material  impact  on  the 
complexity  of  security  management. 

[c]  Will  make  security  management 
more  difficult. 


jM  When  server  virtualization 

M  is  introduced  in  a  data  cen- 
|B  SB  JB  ter,  the  configuration  man- 
1  SMF  agement  database  (CMDB) 
used  to  support  data  center  operations: 
[a]  Will  not  need  to  be  modified  or 
replaced. 

[bj  Can  be  retained,  although  revisions 
will  need  to  be  made  to  the  naming 
schemes  used  for  servers. 

[c]  Will  need  to  have  its  underlying 
database  design  (i.e.,  schema)  radically 
redesigned.  If  this  is  not  possible 
with  your  current  CMDB  application, 
new  CMDB  software  may  have 
to  be  purchased. 


In  a  virtualized  server  environ- 
WM  ment,  compared  with  a  tradi- 
I  tional  server  environment: 

■  [a]  The  costs  of  software  li¬ 
censing  tend  to  decrease,  because  busi¬ 
ness  groups  can  manage  their  licensing 
requirements  more  tightly. 

[b]  Software  licensing  costs  tend  to  re¬ 
main  about  the  same. 

[c]  Software  licensing  costs  tend  to 
increase,  because  business  groups 
request  far  more  “machines”  (know¬ 
ing  that  virtual  machines  are  easy  and 
cheap  to  add). 


Mk  Compared  with  a  tradi- 

™ JB  tional  server  data  center, 
M  a  data  center  that  makes 

9  Bni  extensive  use  of  server 
virtualization  requires: 

[a]  Approximately  25%  fewer 
staffers  to  support  the  servers  and 
operating  systems. 

[b]  Roughly  the  same  number  of 
staffers  to  support  the  servers  and 
operating  systems. 

[c]  Approximately  25%  more 
staffers  to  support  the  servers  and 
operating  systems. 


1  -  32  POINTS: 

Newbie 

Your  knowledge  of  virtualization 
is  very  limited.  Read  though  the 
correct  answers  to  each  question 
to  gain  a  better  understanding 
of  the  technology. 


33  -  64  POINTS: 


You  have  a  limited  understanding 
of  virtualization  but  are  off 
to  a  good  start.  Read  through 
the  correct  answers  to  see 
which  areas  you  might  need 
more  help  with. 


65  -  96  POINTS: 

Expert 

Congratulations!  You  are  very 
knowledgeable  about  server 
virtualization.  Read  through  the 
correct  answers  to  bone  up  on 
any  questions  you  missed. 

To  see  the  answers, 
turn  to  page  30. 


Getting 

There 
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Answers 

The  correct  answers,  according  to 
experts,  are  as  follows: 

1.  [a]  Server  virtual¬ 
ization  software  im¬ 
poses  no  constraints 
on  the  versions  of 
the  Windows  Server 
operating  system  (or 
Linux)  that  you  place 
in  each  virtual  ma¬ 
chine,  although  a  completely  new  version 
of  Windows  may  require  that  you  check 
for  compatibility  with  your  server  virtu¬ 
alization  software  before  you  install  it. 

2.  [a]  Rebooting  a  virtual  machine  can 
be  done  without  touching  the  physical  ma¬ 
chine  or  the  server  virtualization  software. 
It  has  no  effect  on  the  other  virtual 
machines;  they  are  completely  isolated 
from  one  another.  Note,  however,  that 
if  you  reboot  the  physical  machine  (that 
is,  you  reboot  the  server  virtualization 
software),  it  will  disrupt  the  operation 
of  all  the  virtual  machines. 

3.  [a]  In  general,  it  is  better  to  install  a 
mix  of  heavy-workload  and  light-workload 
applications  on  each  physical  server  in 
order  to  make  the  best  use  of  the  server. 
The  heavy-workload  applications  will 
benefit,  in  terms  of  performance,  from 
being  able  to  momentarily  use  a  large 
part  of  the  server’s  CPU  and  memory 
resources  during  traffic  peaks,  and  the 
light-workload  applications  will  effec¬ 
tively  get  a  “free  ride”  on  the  server. 

4.  [b]  There  is  nothing  technically  wrong 
or  difficult  about  placing  server  virtualiza¬ 
tion  software  on  blade  servers.  However, 
this  practice  should  not  be  pursued 
without  careful  consideration  of  the 
concentration  of  risk  that  it  entails.  For 
example,  if  you  build  10  virtual  ma¬ 
chines  on  each  of  16  blade  servers,  the 
total  number  of  applications  running 
in  the  blade-server  shelf  could  be  160. 
If  anything  bad  happens  to  the  shelf 
(fire,  power  loss)  and  adequate  backup 
or  redundancy  (outside  of  the  shelf) 
does  not  exist,  you  will  simultaneously 
lose  160  applications,  potentially  dev¬ 
astating  your  business. 

5.  [b]  You  should  have  already  estab¬ 
lished  a  SAN  in  the  data  center  or  have 
extended  SAN  services  to  the  servers  that 
you  are  considering  as  candidates  for  re¬ 


placement  by  virtual  machines.  If  not,  it  is 
very  likely  that  the  aggregate  storage  de¬ 
mands  of  the  applications  or  databases 
running  on  each  virtualized  physical 
server  will  exceed  what  can  be  provided 
on  hard  drives  within  the  server. 

6.  [c]  Even  without  the  potentially  worry¬ 
ing  combination  of  blade  servers  and  server 
virtualization,  use  of  server  virtualization  on 
standard  servers  puts  several  eggs  in  one 
basket.  Given  that  hardware  failure  in 
one  server  will  take  out,  say,  10  applica¬ 
tions  and/or  databases,  it  is  generally 
desirable  to  provide  some  level  of  redun¬ 
dancy,  permitting  the  entire  contents 

of  the  server  to  be  quickly  moved  to  a 
standby  server  if  the  main  server  fails. 

7.  [b]  It  is  generally  better  to  desig¬ 
nate  physical  servers  as  “development,” 
“test/QA”  and  “production”  and  to  place 
instances  of  applications  and  databases  on 
them  accordingly.  This  policy  is  driven  by 
security  needs  and,  in  some  industries, 
by  regulatory  considerations  dictating 
different  treatments  for  the  different  en¬ 
vironments  (particularly  for  production). 

8.  [c]  In  an  ideal  data  center,  it  would  be 
no  harder  to  keep  track  of  software  licens¬ 
ing  for  virtualized  servers.  Real-world 
experience,  however,  shows  that  it  is 
indeed  harder.  In  a  virtualized  envi¬ 
ronment,  the  ease  with  which  virtual 
machines  can  be  created  —  combined 
with  the  difficulties  of  finding  out  from 
business  groups  exactly  what  software 
is  required  on,  or  has  been  installed  on, 
each  virtual  machine  —  makes  track¬ 
ing  license  requirements  and  license 
usage  significantly  more  difficult. 

9.  [c]  Adequately  securing  access  to,  and 
information  stored  on,  virtual  machines 
presents  new  challenges,  over  and  above 
those  in  a  traditional  environment.  First,  ac¬ 
cess  to  the  virtualization  software  must 
be  very  tightly  controlled.  Second,  any¬ 
one  with  access  to  a  virtual  machine  can 
download  an  application  that  mounts  an 
attack  on  the  virtual  “walls”  that  isolate 
one  virtual  machine  from  the  other  vir- 

I  tual  machines.  Third,  it  is  more  complex 
I  to  implement  access  restrictions  at  a 
network  level  for  each  individual  virtual 
;  machine,  so  network-based  security  may 
end  up  being  set  at  that  of  the  least- 
I  sensitive  application  running  on  a  physi- 
j  cal  machine  (particularly  if  the  network/ 
;  firewall  management  team  is  busy). 

10.  [c]  Although  numerous  suppliers  of 
software  for  CMDBs  have  started  to  em- 


Server 
ization 


Quiz  begins  on  page  28 


brace  server  virtualization,  there  are  many 
older  versions  of  CMDB  products  imple¬ 
mented  in  data  centers.  These  may  not 
have  the  necessary  underlying  database 
designs  that  recognize  a  virtual  ma¬ 
chine  as  a  “data  entity”  and  can  repre¬ 
sent  the  relationship  “Virtual  Machine 
A  is  on  Physical  Server  X.”  Many  of  the 
things  that  go  with  a  physical  server 

—  such  as  the  version  of  the  operating 
system  installed  on  it,  and  its  IP  address 

—  must  now  be  associated  with  a  vir¬ 
tual  machine.  In  addition,  these  things 
must  be  associated  with  nonvirtualized 
servers.  These  requirements  mean 
that  the  database  design  underlying  a 
CMDB  requires  a  major  overhaul  for 
the  product  to  have  any  hope  of  being 
useful  to  a  data  center  that  has  started 
to  introduce  virtualization. 

11.  [c]  Once  IT  tells  business  groups  that 
it  can  provision  a  new  virtual  machine  with¬ 
in  a  few  hours,  human  nature  tends  to  take 
over.  Businesses  go  berserk,  submitting 
requests  for  virtual  machines  that  they 
might  have  hesitated  to  ask  for  if  they 
had  to  wait  for  physical  hardware  to  be 
budget-approved,  ordered,  delivered, 
installed  and  made  ready  for  use.  Some 
experts  call  the  result  “VM  sprawl.” 
Worse  still,  when  a  project  is  canceled 
or  the  development  work  is  completed, 
can  business  groups  be  relied  on  to  tell 
IT  that  the  virtual  machine  can  be  de¬ 
leted?  Of  course  not. 

12.  [b]  The  largest  part  of  the  work 
done  in  a  data  center  tends  to  be  driven 
by  the  number  of  “servers,”  and  it  makes 
no  difference  whether  these  are  standard 
servers  or  virtual  machines.  Each  virtual 
machine  requires  the  same  level  of 
attention  as  a  standard  server  when  it 
comes  to  responding  to  trouble  tickets, 
managing  operating  system  and  appli¬ 
cation  updates  and  patches,  managing 
security  issues,  monitoring  perfor¬ 
mance  and  so  on.  The  small  reduction 
in  total  work  achieved  by  not  having 
to  install  physical  machines  as  often 
as  you  once  did  tends  to  be  offset  by 
the  extra  work  involved  in  installing 
and  configuring  server  virtualization 
systems  such  as  VMware  on  each  new 
machine.  ■ 

Hamer  is  a  director  at  Acumen  Solutions, 
a  business  and  technology  consulting 
firm  with  offices  across  the  U.S.  and 
Europe.  Contact  him  at  mhamer@ 
acumensolutions.com. 
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Maximize  the  Business 
Benefits  of  SaaS! 


March  31 -April  1,  2009  I  Santa  Clara  Convention  Center  I  Santa  Clara,  CA 


•  See  and  hear  about  essential  SaaS 
building  block  technologies 

•  Hear  presentations  from  world-class 
IT  executives 

•  Find  the  SaaS  industry  all  in  one  place 


Topics  areas  include: 

-  Cloud  Computing  and  SaaS:  One-in-the-Same  or 
Subtle  Differences? 

-  On-Demand  Business  and  Information  Services: 
Present  and  Future 

-  Essential  Building  Block  Technologies  for  SaaS 

-  How  to  Build  SaaS  Applications  and  Solutions 

-  Best  Practices  in  Optimizing  SaaS 

-  The  Business  Benefits  of  SaaS:  Measuring  TCO 
in  Dollars,  Time  to  Market  and  More 


COMPUTERWORLD 

SAASCON  2009 

www.saascon.com 


Speakers  include: 


Chief  Information  Officer  and 
Vice  President,  Employers  Direct 
Insurance  Company 


Clark,  Jr. 


Vice  President  Information 
Technology,  Georgia  Aquarium 


Carmen  Malangone 

Global  Solution  Designer, 
Coty,  Inc. 


For  sponsorship  opportunities,  please  cal!  John  Vulopas  at  508-271-8024 


■  Q&A  M.  ERIC  JOHNSON 


‘Artistic’  processes  might  be  the  answer. 


The  move  to  standardize  processes  has 
gone  overboard,  say  M.  Eric  Johnson  and 
Joseph  M.  Hall  in  this  month’s  Harvard 
Business  Review.  Some  processes,  they 
argue,  are  more  akin  to  art  than  science 
and  need  to  be  treated  that  way.  Johnson,  a 
professor  of  operations  management  and 
director  of  the  Center  for  Digital  Strategies 
at  Dartmouth  College’s  Tuck  School  of 
Business,  told  Kathleen  Melymuka  why 
artistic  processes  are  essential  in  IT  and 
how  to  know  when  you  need  one. 

Why  do  you  say  that  process  standardiza¬ 
tion  has  gone  too  far?  CIOs  and  B-school 
faculty  have  been  promoting  process 
standardization  as  the  road  to  the  prom¬ 
ised  land.  And  there’s  a  lot  that’s  good 
about  that.  But  we  began  to  notice  that 
there  were  cases  where  standardization 
went  awry  because  we  standardized  a 
process  that  required  more  variability 
and  flexibility  than  we  were  allowing.  By 
standardizing,  we  ended  up  in  a  worse 
place.  That  whole  idea  was  the  genesis  of 
this  article:  When  and  how  does  process 
standardization  go  awry?  We’ve  all  seen 
cases  where  stuff  got  standardized  that 
shouldn’t  have  and  it  stifled  innovation. 

What  is  an  artistic  process,  and  when 
might  one  be  needed  in  the  IT  environ¬ 
ment?  When  we  say  “artistic  process,” 
that  language  seems  a  little  flaky,  espe¬ 
cially  for  CIOs.  We  define  them  by  the 
way  they  operate.  That  is,  an  artistic 
process  has  to  operate  with  lots  of  vari¬ 
ability  in  inputs  to  the  process,  how  it 
operates  and  in  the  outputs  —  and  that 
variability  is  viewed  positively  by  the 
customer.  That’s  critical.  If  custom¬ 
ers  value  variability  in  output,  then 
standardizing  that  process  will  shackle 
competitive  advantage. 

When  IT  puts  its  eyes  on  a  customer¬ 
facing  system  and  starts  thinking  of 
standardizing  that  system,  it  should 
first  ask  the  question,  “Is  this  process 
one  where  customers  value  variability?” 

Can  you  give  me  an  example?  Maybe  the 
way  you  operate  in  France  is  different 
from  the  way  you  operate  in  Italy  or 
the  U.S.  If  you  try  to  roll  out  a  standard 
process,  you  may  be  destroying  poten¬ 
tial  value  for  the  firm. 

How  can  an  IT  manager  identify  which  proc¬ 
esses  should  be  science  and  which  should 
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How  to  Identify  an  Artistic  Process 


Value  of 
output 
variation  to 
customers 


Process  environment 
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LOW  VARIABILITY 

HIGH  VARIABILITY 

Mass 

Artistic 

customization 

processes 

Mass 

Nascent  or  broken 

processes 

processes 

be  art?  It’s  really  all  about  whether  the 
customer  values  the  variability.  As  a 
CIO,  you  need  to  think  about  end  cus¬ 
tomers  and  also  customers  in  the  orga¬ 
nization,  and  how  both  are  valuing  what 
you’re  doing.  If  the  business  requires 
more  flexibility,  then  there  is  some 
value  in  variability  and  you  have  to  be 
careful  about  process  standardization. 
But  standardization  often  makes  tre¬ 
mendous  sense  in  back-end  processes. 

You  write  that  new  processes  often  start 
as  artistic  and  then  settle  into  scientific. 
How  does  a  CIO  manage  that?  We  see  that 
when  CIOs  interact  with  innovative 
new  businesses  that  spring  up  within 
an  organization.  A  brand-new  business 
in  the  context  of  a  large  enterprise  can 
be  killed  off  by  process  standardization. 
A  CIO  can  look  at  that  and  know  it’s 
much  more  “artistic”  —  in  quotes. 

We’re  not  saying  they’re  all  poets  — 
just  that  it  requires  more  flexibility  and 
variability  in  the  ways  it  operates.  The 
ways  a  new  business  goes  to  market  can 
be  changing  over  the  first  six  to  nine 
months,  and  if  you  try  to  standardize  it, 
you  may  be  shackling  it.  Smart  compa¬ 
nies  will  take  steps  to  avoid  that  some¬ 
times.  They  know  the  standards  of  the 
enterprise  many  times  are  fatal. 

But  there  are  counterexamples. 

When  a  firm  acquires  a  business,  some¬ 
times  it’s  best  to  standardize  those 
processes  and  bring  them  into  the 
enterprise,  because  though  it  may  be  a 
new  business  for  the  enterprise,  it  may 
be  reasonably  mature  and  ready  to  stan¬ 
dardize.  Cisco  is  famous  for  bringing 
new  businesses  into  its  IT  systems  very 
quickly  and  standardizing  a  lot  of  proc¬ 
esses  as  a  result.  But  it  didn’t  do  that 
with  everything.  With  Linksys  [home 
office  systems],  for  example,  Cisco  left 
a  lot  alone  because  it’s  a  consumer  type 
of  business  that  required  more  “art.” 


How  should  an  IT  manager  measure  the 
success  of  an  artistic  process?  One  of  the 

key  things  we  argue  is  that  artistic  proc¬ 
esses  create  variability  that  the  custom¬ 
er  values.  So  if  that’s  true,  then  you  have 
to  measure  from  a  customer  viewpoint 
and  get  real  feedback  from  customers. 
You  can  convince  yourself  that  custom¬ 
ers  value  all  kinds  of  things  they  really 
don’t  care  about,  and  variability  can  re¬ 
ally  be  kind  of  annoying  to  them.  So  you 
always  have  to  measure  from  a  strong 
customer-feedback  point  of  view. 

How  does  this  work  in  practice?  Take  a 
CRM  system.  I  know  from  lot  of  history 
that  customers  care  about  how  long  it 
takes  to  answer  a  question.  I’m  the  CIO, 
and  I’m  doing  a  bunch  of  standardiza¬ 
tion  to  speed  that  up.  I  don’t  have  to 
survey  customers  to  ask  if  they’re  get¬ 
ting  happier.  I  know  that  reducing  the 
time  will  make  them  happier. 

But  if  it’s  more  of  an  artistic  process, 
where  they’re  valuing  more  variability 
in  outcome,  I  need  to  be  talking  to  and 
understanding  the  customer  and  get¬ 
ting  good  feedback. 

You  write  that  artistic  and  scientific  proc¬ 
esses  sometimes  work  together.  Can  you 
give  an  example?  On  an  IT  help  desk, 
there  are  a  lot  of  examples.  Maybe 
some  customers  with  a  very  straight¬ 
forward  type  of  question  can  be  tri¬ 
aged  into  a  very  standardized  process 
because  speed  is  the  objective.  But  you 
may  need  special  processes  for  people 
working  with  executives  who  are  trav¬ 
eling  internationally,  and  they  may  be 


■  We’ve  all  seen  cases 
where  stuff  got  standardized 
that  shouldn  t  have  and  it 
stifled  innovation. 


on  different  platforms  and  have  differ¬ 
ent  problems  and  wouldn’t  be  so  happy 
with  the  standard  help  desk  process. 

And  sometimes  through  triaging,  you 
find  that  that  executive  in  Asia  really  has 
a  simple  e-mail  problem,  so  then  he  goes 
back  into  the  standardized  process.  We 
call  this  drawing  the  line  between  art 
and  science,  and  you  have  to  know  when 
to  toss  people  back  from  one  to  the  other. 

You  can  see  it  in  IT  projects:  There 
are  parts  where  you’re  doing  certain 
configurations  or  coding  and  you  want 
a  lot  of  standardization,  but  where  the 
process  architects  are  bringing  together 
the  pieces,  there’s  a  lot  more  art  in  that. 

How  does  an  IT  manager  train  people  to 
perform  an  artistic  process?  Artists  are 
folks  who  understand  not  just  IT  but 
also  the  business,  and  [they]  understand 
when  you  can  standardize  and  when  you 
need  variability.  Training  those  people 
means  immersing  them  in  the  business 
so  they  can  help  the  IT  organization 
better  deliver  projects  that  match  the  or¬ 
ganization’s  need.  That  kind  of  training 
requires  more  of  an  apprenticeship  than 
some  other  types  of  training.  You  might 
stick  them  into  a  marketing  organization 
and  have  them  actually  be  a  marketing 
person  for  six  months  or  a  year  —  or  HR 
or  the  CFO’s  organization  —  and  have 
them  spend  time  and  come  back  with 
that  knowledge.  That  gives  a  deeper  ap¬ 
preciation  for  when  variability  is  needed. 

What  is  “art  diffusion,”  and  why  is  it 
dangerous?  We’re  not  denying  that 
standardization  is  good  in  many  places. 
Diffusion  is  when  the  freedom  of  the 
artist  begins  to  get  incorporated  into  a 
lot  of  places  in  the  organization  where 
you  don’t  want  that.  In  the  CIO’s  or¬ 
ganization,  there  are  plenty  of  folks 
you  don’t  want  [getting  artistic].  If 
your  job  is  coding  or  monitoring  the 
firewall,  you  want  good  standards  and 
you  don’t  want  them  making  it  up  as 
they  go  along.  Often,  when  you  go  to 
very  young  start-up  companies,  they 
are  very  artistic,  and  pretty  soon  every¬ 
body  feels  like  they’re  an  artist,  even  if 
they’re  in  accounts  payable.  You  don’t 
want  that  kind  of  feeling.  So  you  always 
want  to  draw  bright  lines  between  what 
really  is  art  and  what  is  not.  If  I’m  in  the 
call  center  for  e-mail  problems,  I  need 
to  stay  on  script.  I’m  not  an  artist.  ■ 
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■  SECURITY  MANAGER’S  JOURNAL  i  MATHIAS  THURMAN 


Location  a  Small  Detail 
In  Security  World 

Russia?  China?  Vietnam?  Makes  nodiffer- 
ence  as  long  as  you  have  solid  policies  in 

place  and  set  the  right  tone  from  the  start. 


I’LL  BE  traveling  again 
in  the  next  few  weeks, 
this  time  to  Vietnam. 
We’ve  been  outsourc¬ 
ing  some  of  our  operations 
to  low-cost  nations  for 
years:  Russia  for  source- 
code  development,  India 
for  help  desk  services  and 
China  for  manufacturing, 
among  others.  Vietnam 
is  new  to  the  list,  but  as  I 
stressed  during  the  meet¬ 
ings  about  this  engage¬ 
ment,  there  are  no  special 
security  considerations. 
We  follow  the  same  proce¬ 
dures  wherever  our  part¬ 
ners  are  located.  From  my 
perspective,  the  only  differ¬ 
ence  is  in  the  local  cuisine. 

To  enhance  security  as 
my  company  works  with 
third  parties,  I  wrote  a 
policy  and  had  it  ratified  by 
my  CIO.  It  sets  the  security 
requirements  for  all  part¬ 
ner  connections,  including 
physical  security.  It  also 
lays  out  audit  requirements 
and  contains  some  contrac¬ 
tual  verbiage  specifying  the 
partners’  responsibilities. 
The  policy  is  actually  quite 
simple:  Any  partner  con¬ 
nection  to  our  company’s 
internal  network  requires 
my  approval,  and  my  ap¬ 
proval  hinges  on  successful 


compliance  with  our  part¬ 
ner  connectivity  policy. 

A  first  visit  to  a  partner 
is  crucial,  since  it  sets  the 
stage  for  the  relationship. 
It’s  my  opportunity  to 
demonstrate  the  impor¬ 
tance  my  company  places 
on  the  protection  of  its 
intellectual  property  and 
the  integrity  of  its  network. 
After  all,  visiting  a  country 
on  the  other  side  of  the 
world  isn’t  as  easy  as  driv¬ 
ing  across  town. 

So  here’s  my  agenda  for 
my  first  visit  with  any  new 
partner.  My  company’s 
policy  states  that  a  secure 
connection  must  be  estab¬ 
lished  between  the  partner 
and  our  company.  We  typi¬ 
cally  accomplish  this  via  a 
small  Juniper  firewall  on 
the  partner’s  premises  and 
a  VPN  tunnel  between  it, 
and  a  much  larger  firewall 
at  our  headquarters  or  a 
closer  regional  office.  This 

H  We  follow  the 
same  procedures 
wherever  our  part¬ 
ners  are  located. 
For  me,  the  only 
difference  is  in  the 
local  cuisine. 
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allows  us  to  maintain  con¬ 
trol  of  all  the  IP  addresses, 
ports  and  protocols  in¬ 
volved  in  data  traffic  be¬ 
tween  the  partner  and  our 
internal  network. 

We  also  require  that  all 
Internet  connections  be 
routed  through  our  gate¬ 
ways,  not  the  partner’s.  We 
learned  about  the  need  to 
do  this  the  hard  way,  after 
various  partners’  employees 
used  their  companies’  Inter¬ 
net  connections  to  steal  our 
intellectual  property. 

We  mandate  that  the 
partner’s  systems  be 
logically  separated  from  its 
company  network  and  that 
all  systems  have  all  the  lat¬ 
est  patches  and  employ  the 
leading  antivirus  software. 
What’s  more,  no  unneces¬ 
sary  security  software 
(such  as  sniffing,  scanning 
or  password-cracking  utili¬ 
ties)  can  be  installed  on 
any  of  the  systems. 

GETTING  PHYSICAL 

I  also  have  to  check  on 
physical  security.  I  don’t 
like  mingling  workspaces; 
the  thought  that  a  partner 
might  have  people  who  are 
working  for  my  company 
sharing  space  with  people 
who  might  be  working 


Trouble 

Ticket 

AT  ISSUE:  The  firm  is 
outsourcing  operations  to 
Vietnam  for  the  first  time. 

ACTION  PLAN:  Policies 
that  have  worked  with 
other  partners  around 
the  world  are  already  in 
place,  so  just  follow  the 
routine. 


for  one  of  our  competi¬ 
tors  doesn’t  sit  well  with 
me.  Therefore,  our  policy 
requires  a  physically  sepa¬ 
rate  work  area  for  the  em¬ 
ployees  who  will  be  han¬ 
dling  our  sensitive  data. 
Sometimes  the  partner 
has  to  bear  the  expense  of 
building  walls,  installing 
doors  and  implementing 
a  badge  system,  but  the 
cost  usually  isn’t  onerous. 
Labor  is  inexpensive  in  all 
of  our  partner  countries; 
that’s  why  we’re  there. 

Finally,  I  inspect  physi¬ 
cal  and  personnel  security 
controls  for  the  building. 
Cameras,  door  and  win¬ 
dow  alarm  systems,  sign- 
in  logs,  and  badge  access 
systems  are  all  reviewed. 

I  also  restrict  the  use  of 
wireless  access  points  for 
the  partner  network. 

Once  my  audit  is  com¬ 
plete,  I  create  a  report  and 
mark  the  calen¬ 
dar.  Once  a  year, 
a  new  audit  will 
be  conducted  to 
ensure  that  the 
partner  is  com¬ 
plying  with  our 
security  policies. 

Of  course,  on  a  personal 
level,  it’s  always  interesting 
to  visit  a  new  place.  Bring 
on  the  pho!  ■ 

This  week’s  journal  is  writ¬ 
ten  by  a  real  security  man¬ 
ager,  “Mathias  Thurman,” 

whose  name  and  employer 
have  been  disguised  for 
obvious  reasons.  Contact 
him  at  mathias_thurman@ 
yahoo.com. 


|  COMPUTERWORLD.COM 

0  JOIN  IN 

To  join  in  the  discussions 
about  security,  go  to 

computerworld.com/ 

blogs/security 


OPINION 


Bart  Perkins 


Take  Advantage 
Of  the  Recession 


IRTUALLY  EVERY  IT  organization  is  feeling  the 
impact  of  the  recession.  Many  have  been  forced  to 
cut  services,  and  some  have  cut  staff  as  well.  Most 
new  projects  have  been  eliminated,  even  those 
with  compelling  business  cases.  Organizations  have  cut  all  the 
fat  (to  the  bone,  in  some  cases)  to  meet  budget  constraints. 


But  there  is  a  silver 
lining.  The  recession 
provides  an  opportunity 
to  challenge  the  status 
quo,  eliminate  ineffective 
systems  and  services,  and 
make  changes  that  man¬ 
agement  has  previously 
refused  to  consider. 

So  take  advantage  of  the 
recession  to  get  some  im¬ 
portant  things  done. 

■  Question  practices.  Dur¬ 
ing  a  recession,  manage¬ 
ment  demands  maximum 
efficiency  and  is  more 
open  to  new  ideas.  Most 
companies  have  at  least  a 
few  business  practices  (and 
supporting  applications) 
that  have  been  unexamined 
for  years.  Often,  they  were 
instituted  for  a  specific 
competitive  situation  or  in 
response  to  an  executive’s 
request.  Although  the  origi¬ 
nal  justification  may  no 
longer  be  valid,  the  practice 
or  application  persists. 

The  recession  is  your 
chance  to  kill  those  dino¬ 
saurs.  Take  courage  from 
IT  pioneer  Rear  Adm. 
Grace  Hopper,  who  said 
that  the  most  dangerous 


words  are  “We’ve  always 
done  it  that  way.”  Instead 
of  accepting  the  status 
quo,  ask  how  things  would 
be  handled  if  the  company 
were  just  starting  out  today. 

■  Develop  multiple  bud¬ 
gets.  Many  corporations 
are  developing  “contingent 
budgets”  describing  multi¬ 
ple  levels  of  spending  cuts 
that  will  be  made  if  rev¬ 
enues  are  down  by  certain 
amounts  relative  to  last 
year.  Those  budgets  also 
identify  investments  that 
can  be  made  if  revenues 
unexpectedly  increase. 

You  should  do  the  same. 
Determine  what  your  IT 
organization  will  do  in 
various  scenarios  before 
you’re  forced  to  react.  Cre¬ 
ate  several  plans  in  case 
there  are  multiple  rounds 
of  budget  cuts.  Also  iden¬ 
tify  and  prioritize  new 

■  Leverage  these 
turbulent  times  to 
challenge  conven¬ 
tional  wisdom  and 
corporate  inertia. 


projects  to  spend  money 
on  in  case  the  economy 
improves  and  the  business 
demands  new  capabilities. 

■  Measure  performance. 
The  management  dictum 
“If  you  can’t  measure  it,  you 
can’t  manage  it”  is  good 
advice  for  IT  execs.  In  the 
absence  of  accurate  data, 
IT  services  may  be  seen 

as  being  too  expensive, 
prompting  discussions 
about  outsourcing.  A  good 
system  of  accounting  for 
costs  and  IT  time  is  critical. 
Know  unit  costs  and  service 
levels  for  all  IT  services 
—  including  supplier  per¬ 
formance  —  and  compare 
them  to  industry  norms. 

■  Strengthen  governance. 
A  recession  exacerbates 
competition  for  limited 
resources  and  increases 
pressure  on  IT.  In  dif¬ 
ficult  times,  it’s  even  more 
critical  for  executive 
management  to  establish 
priorities,  make  appropri¬ 
ate  trade-offs  and  monitor 
program  performance. 

■  Increase  agility.  Criti¬ 
cism  of  long  IT  delivery 
schedules  is  more  severe 


in  times  of  rapid  business 
change.  Agile  development, 
with  deliverables  every  one 
or  two  months,  is  required 
during  such  times.  Adopt 
rapid  development  tech¬ 
niques,  and  plan  incremen¬ 
tal  functionality  releases. 

■  Communicate  candidly. 
The  difficult  global  econ¬ 
omy  makes  it  particularly 
important  to  communicate 
frequently  and  honestly 
with  all  stakeholders.  Lis¬ 
ten  carefully  to  executives’ 
concerns,  and  design 
creative  solutions.  Don’t 
blindside  your  manage¬ 
ment  team!  Keep  suppli¬ 
ers  informed  of  plans  and 
constraints.  Honest  com¬ 
munication  builds  loyalty 
and  allows  managers  to 
make  appropriate  business 
plans.  Remember  to  keep 
your  staff  informed  of  both 
good  and  bad  news. 

This  recession  may  be 
deep  and  long.  To  survive, 
you  must  focus  on  fun¬ 
damental  IT  principles, 
supported  by  flawless 
execution  of  basic  IT  func¬ 
tions.  Leverage  these  tur¬ 
bulent  times  to  challenge 
conventional  wisdom  and 
corporate  inertia.  Build 
consensus  to  redesign  out¬ 
dated  business  practices, 
kill  marginal  apps  and  ser¬ 
vices,  and  streamline  ar¬ 
chaic  business  processes. 
As  several  writers  have 
stated,  “A  recession  is  a 
terrible  thing  to  waste.”  ■ 
Bart  Perkins  is  managing 
partner  at  Louisville,  Ky.- 
based  Leverage  Partners 
Inc.,  which  helps  organiza¬ 
tions  invest  well  in  IT.  Con¬ 
tact  him  at  BartPerkins@ 
LeveragePartners.com. 
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Expecting  More  Job  Losses 

The  percentage  of  IT  managers  who  expected  to  reduce 
staff  within  the  next  six  months  rose  sharply  in  December. 


SOURCE  CDW  IT  MONITOR  SURVEY  OF  1.059  IT  DECISION-MAKERS 


OCTOBER  2008 

DECEMBER  2008 

Businesses  with  fewer 
than  100  employees 

3% 

5% 

Midsize 

businesses 

4% 

10% 

Businesses  with  1,000 
or  more  employees 

7% 
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|H/  Percentage  of 
J  B  llf^  .workers  who  said 
K  U  thtey  have  no  desire  to  take 

K  K  m  mM their  boss’s  job.  What’s 
K  K  more,  60%  said  they  don’t 

K  ‘  K  ’  think  they  could  do  a  bet- 

H  HI ' '  . I  .• .  v : ;  tei*  job  .than  their  boss. 

SOURCE:  OFFICETEAM  SURVEY OF602U  S  WORKERS. NOVEMBER 2008 


Q&A 

Rich  Milgram 

The  CEO  of  Beyond.com 
Inc.,  a  network  of  niche 
career  communities  that 
includes  TechCareers.com,  assesses 
the  employment  outlook. 


Even  as  mass  layoffs  started 
to  hit  workers  in  September, 
you  remained  very  optimistic 
about  the  prospects  for  IT 
employment.  After  a  few 
more  months,  has  that  opti¬ 
mism  been  tempered, 
especially  after  Beyond.com 
reported  a  significant  de¬ 
crease  in  IT  job  postings  in 
the  fourth  quarter?  While  IT 
remained  strong  at  the  beginning  of 
2008,  the  recession  finally  began 
taking  a  toll  on  the  IT  job  market.  As 
the  economy  continued  to  weaken, 
IT  spending  and  development 
slowed,  along  with  the  funding  of 
new  technology  companies.  We 
recognized  the  biggest  impact  in 
the  fourth  quarter  of  2008,  as  IT 
jobs  decreased  by  3.53%  over 
the  previous  quarter  and  showed 
the  largest  overall  decrease  of  any 
industry  this  year. 

However,  even  in  this  extremely 
tight  economy,  it’s  tough  not  to  re¬ 
main  optimistic  about  the  long-term 
opportunities  for  IT  professionals. 
While  it’s  true  that  many  technology 
initiatives  have  been  scaled  back, 
technology  still  remains  a  funda¬ 
mental  element  of  the  world  today 
and  continues  to  be  a  catalyst  for 
every  business  and  industry. 

Although  the  current  market  has 
made  it  difficult  for  IT  workers  to 
find  full-time  employment,  we  need 
to  remember  that  this  job  trend  is 
not  unusual  in  the  tech  world.  There 
will  always  be  highs  and  lows  when 
it  comes  to  hiring,  and  once  the 
economy  begins  to  stabilize,  the 
IT  industry  will  be  among  the  first 
to  grow  again.  IT  is  still  among  the 
strongest  industries  and  will  prove 
its  long-term  stability  and  growth 
as  businesses  realize  the  demand 
to  keep  up  with  the  ever-changing 
world  of  technology  in  the  future. 


Do  you  have  any  tips  for 
people  who  have  been  looking 
for  a  job  since  the  downturn 
began?  The  weakened  economy 
and  high  unemployment  rate  have 
dramatically  increased  the  number 
of  qualified  candidates  in  today’s 
job  market,  making  it  even  more  dif¬ 
ficult  for  job  seekers  to  get  noticed 
by  employers.  As  a  result,  IT  job 
seekers  will  need  to  perfect  their 
technical  skills,  take  advantage  of 
new  learning  opportunities  and  look 
for  ways  to  demonstrate  value  to 
employers  to  increase  their  chanc¬ 
es  of  finding  a  job.  Keep  in  mind 
that  finding  a  job  is  not  an  exact 
science,  so  it  is  going  to  take  some 
trial  and  error  to  determine  the  best 
job-search  methods. 

Job  seekers  should  use  all  of 
their  available  online  resources,  as 
well  as  old-school  tactics  such  as 
networking  with  friends  and  recon¬ 
necting  with  former  colleagues 
or  classmates.  They  should  leave 
no  stone  unturned.  IT  profession¬ 
als  should  identify  their  unique 
attributes  and  selling  points,  and 
look  for  effective  ways  to  promote 
themselves  online  and  through  their 
networking  contacts.  They  should 
also  "think  local.”  Companies  are 
no  longer  paying  for  relocation,  so 
tech  professionals  should  check 
out  local  job  boards  in  their  area, 
as  well  as  industry-specific  sites 
like  TechCareers.com  to  ensure 
that  they  are  accessing  the  right 
resources  and  connecting  with  the 
right  employers. 

One  of  the  most  important  things 
that  IT  professionals  should  re¬ 
member  is  to  maintain  a  positive  at¬ 
titude  throughout  this  difficult  time 
and  realize  that  today’s  challenges 
will  lead  to  greater  opportunities  for 
them  in  the  future. 

-JAMIE  ECKLE 
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careers 


ATTENTION... 

Law  Firms 
IT  Consultants 
Staffing  Agencies 


Are  you  frequently 
placing  legal  or 
immigration  advertisements? 

Let  us  help  you  put 
together  a  cost-effective 
program  that  will  make  this 
time-consuming  task  a 
little  easier! 

Place  your 

Labor  Certification  Ads  here! 


For  more  information 
contact  us  at: 


800.762.2977 


IT 


careers 


Galaxy  Software  Solutions 
seeks  DBA,  System/ 
Programmer  Analyst,  Software 
Engineers  to  customize  appli¬ 
cations  using  Oracle,  VB,  etc. 
Require  MS  or  BS  with  1-5 
years  exp.  Jobsite  various. 
Send  resumes  to 
jobs2008@galaxy-soft.com. 
EOE. 

Vision  IT  Service  has  multiple 
openings  for  Analysts,  DBA,  SI 
W  Engineers,  IT  manager  using 
special  tools  per  project 
requirements.  Travel  required. 
Min  MS  or  BS+1-5yr  IT  exp. 
Send  resumes  to  hr@visioni- 
tusa.com.  No  calls.  EOE. 


Didn’t  find  the 
IT  career 
that  you  were 
looking  for? 


Check  back  with  us  weekly 
for  fresh  listings  placed 
by  top  companies 
looking  for  skilled 
professionals  like  you! 


iTjcareers 


Computer  Professionals 
needed  (Iselin,  NJ)  IT  firm, 
Programmer  Analysts  and  S/w 
Engineers,  to  develop,  create, 
&  modify  general  comp,  appli¬ 
cations  s/ware  or  specialized 
utility  programs.  Analyze  user 
needs  &  develop  software  solu¬ 
tions  using  various  computer 
programming.  Apply  w/2  cop¬ 
ies  of  resume  to  HRD  Geeksoft 
LLC,  33  Wood  Ave  South,  Suite 
#  600,  lselin.NJ-08830 


Workers’s  Compensation 
Insurance  Rating  Bureau  seeks 
Sr.  Application  Software 
Engineer  in  San  Francisco,  CA 
to  ensure  software  engineering 
for  large-scale  app  development 
&  data  migration  projects.  Req 
ETL  Informatica  &  SQL  Server 
2005  exp.  Mail  resume  to: 
WCIRB.  Attn:  D.  Smith.  525 
Market  Street,  Ste.  800,  San 
Francisco,  CA  94105.  Ref  job 
code:  020109SASE 


Sr.  Systems  Analyst  w/Masters  or 
foreign  equiv.  in  Comp  Sci  or 
Engg  &  1  yr  exp.  Analyze,  dsgn, 
code  &  test  s/ware  applies  using 
SAP  ABAP,  CRM  Middleware,  Ul 
framework,  XI,  Java  &  SAP 
Netweaver.  Work  in  SDLC  incl 
reqmts,  Adobe  forms,  ALE  / 
IDOCs,  Work  Flows,  User  Exits, 
BADIs  &  other  aspects  of  ABAP 
in  SCM,  HR  &  FI/CO  modules. 
Supv  2  Consultants.  Mail  res  to: 
Empower  Technology  Solutions 
Inc.,  196  Princeton  Hightstown 
Rd,  Bldg.  2,  Ste  14,  West 
Windsor,  NJ  08550.  Job  loc: 
West  Windsor,  NJ  or  in  any 
unanticipated  Iocs  in  USA. 


Seeking  candidate  with  PhD 
Computer  Science,  education 
coursework,  two  years  expe¬ 
rience  applying  educational  tech¬ 
nology  in  classrooms,  Lisp,  and 
two  post-thesis  publications  for 
position  as  Senior  Project 
Manager.  Duties:  Design, 

develop,  test  software  products. 
Conduct  outreach  in  schools. 
Teach  computational  science 
classes.  Twice  yearly  publish 
results  of  research.  Send 
resume  and  cover  letter  only  to 
Nadia  Repenning,  AgentSheets 
Inc.,  6560  Gunpark  Dr.,  Suite  D, 
Boulder,  CO  80301. 


CO-BRANDED 

EMAIL 
BLASTS 

Reach  your  targeted  audience  of  professional  IT  job  seekers 
with  Computerworld’s  Co-Branded  Email  Blasts.  This  unique 
program  allows  you  to  choose  your  criteria  of  100%  opt-in 
subscribers  by  geography,  company  size,  job  title  and  industry. 

COMPUTERWGRLD 

Call  ITCareers  Director  of  Sales,  IT  f*APETjri}Q 
Dawn  Cora  at  800-762-2977  for  details!  I  uMfflJi'Ut 
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■  FRANKLY  SPEAKING 

Frank  Hayes 

Threats  Made  Easy 


LASTWEEK,  I  saw  a  plug-and-play  Web  camera. 

OK,  you’ve  seen  things  called  that  before,  but  this 
was  different.  It  works  like  this:  You  plug  a  gateway 
device  into  a  network.  You  switch  on  the  battery- 
powered  camera.  You  push  one  button.  Now  you  have  a 
palm-size  device  beaming  live  images  onto  your  network. 

It’s  30  seconds  of  setup,  then  an  endless  security  nightmare. 


Did  I  mention  that 
although  the  gateway 
device  plugs  into  a  wired 
network  connection,  the 
camera  itself  is  wireless? 
And  that  it  can  transmit 
up  to  100  feet  inside  a 
building  to  the  gateway? 

So  at  $299  (available 
this  summer  from  a  start¬ 
up  called  Avaak  under 
the  name  Vue  Personal 
Video  Network),  practi¬ 
cally  any  disgruntled 
user  is  capable  of  real¬ 
time  corporate  espionage. 
He  sticks  a  tiny  camera 
on  a  conference  room 
wall,  and  suddenly  he  can 
see  what  he’s  not  sup¬ 
posed  to  see.  Aim  it  at 
“eyes  only”  documents, 
and  suddenly  they’re  no 
longer  so  confidential. 

How  can  something  so 
cheap  be  potentially  so 
costly  to  you? 

And  it  will  be,  if  you’re 
blindsided  by  it.  If  you 
just  do  occasional  scans 
for  rogue  devices,  plenty 
of  video  could  be  trans¬ 
mitted  beyond  the  fire¬ 


wall  before  you  spot  that 
gateway  on  the  network. 

But  if  you  know  about 
the  Vue  and  how  it 
works,  it’s  not  tough  to 
manage.  The  camera 
transmits  to  the  gateway, 
which  sends  the  video 
to  Avaak,  which  makes 
it  available  to  the  user 
through  a  Web  page. 
Block  the  outbound  traf¬ 
fic  to  Avaak’s  servers,  and 
you’ve  neutralized  the 
threat.  (Well,  you’ll  still 
have  a  disgruntled  user 
out  there  to  deal  with. 

But  you’ll  have  handled 
the  technology  issue.) 

Of  course,  if  you  know 
about  the  Vue,  you  can 
also  use  it  as  a  cheap,  fast 
way  to  set  up  a  tempo¬ 
rary  security  camera.  Or 

M  That’s  the  thing 
about  cheap 
consumer  tech: 

It  can  be  a  royal 
pain  -  or  an 
inexpensive  way 
to  solve  problems. 


as  an  ad  hoc  videocon¬ 
ferencing  system.  Or  as  a 
tool  for  supporting  a  user 
when  controlling  his  PC 
remotely  isn’t  enough. 

That’s  the  thing  about 
cheap  consumer  tech  in 
the  midst  of  a  recession: 

It  can  be  a  royal  pain  at 
a  time  when  we  don’t 
have  spare  money  in  the 
budget  to  keep  it  from 
causing  trouble.  Or  it  can 
be  an  easy,  inexpensive 
way  to  solve  problems 
at  a  time  when  we  don’t 
have  spare  money  in  the 
budget  to  do  it  the  way 
we’d  like. 

Here’s  another  exam¬ 
ple:  Symantec  is  working 
on  a  consumer  version 
of  its  remote-control 
product,  pcAnywhere. 
Currently  dubbed  Project 
Guru,  it’s  designed  for 
power  users  and  IT  peo¬ 
ple  who  are  called  on  to 
solve  the  PC  problems  of 
family  and  friends.  Typi¬ 
cal  scenario:  Mom  gets 
an  e-mail  from  her  son 
the  techie  and  downloads 


a  simple  remote-control 
client,  and  then  Sonny 
can  take  control  of  her 
PC  through  a  Symantec 
Web  site. 

It’s  cheap,  it’s  easy,  and 
it’s  highly  dangerous  in  a 
world  where  spammers 
regularly  get  users  to 
download  malware  and 
upload  financial  informa¬ 
tion.  But  it  could  also  be 
a  great  way  to  handle 
remote  tech  support  on 
employees’  home  PCs 
that  are  used  for  work. 

And  another  one: 

Citrix  is  now  beta-testing 
GoView,  which  makes 
it  easy  to  record  a  user’s 
screen  session;  the  video 
is  automatically  streamed 
to  host  servers  at  Citrix, 
where  it  can  be  accessed 
by  anyone  with  the  right 
URL.  See  the  training 
possibilities?  See  the  se¬ 
curity  threat? 

Look,  you  can’t  stop 
this  sort  of  potentially 
dangerous  consumer 
tech  from  existing.  But 
you  can  keep  up  on  it.  (I 
saw  these  three  at  the 
Demo  09  show;  video  of 
them  is  at  the  Demo.com 
Web  site.)  You  can  learn 
how  to  keep  it  in  check. 
Maybe  you  can  even  get 
productive  use  out  of  it. 

Just  make  sure  you  see 
it  before  your  users  do.  ■ 
Frank  Hayes  is  Computer- 
world’s  senior  news 
columnist.  Contact  him 
at  frank_hayes@ 
computerworld.com. 
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veri70n  wireless 


High-speed  Internet 
when  you  need  it. 

Mobile  Broadband  on  America's  Largest  and 
Most  Reliable  3G  Network, 


Mobile  Broadband.  One  of  the  many  tools  in  the  Verizon  Wireless  Small  Business  Toolbox. 

Nothing  slows  you  down  when  you  have  a  mobile  broadband  USB  modem  for  your  PC  or  Mac.  Browse  the  Internet 
and  access  email  at  broadband  speeds.  So  you  can  work  just  about  anywhere  work  takes  you.  Visit  a  Verizon  Wireless 
store  and  ask  a  small  business  specialist  to  recommend  the  best  solution  for  your  small  business. 


FREE 

UM  175  USB  Modem 

$49.99  2-yr  price  less  $50.00  mall-in  rebate  debit  card. 
New  2-yr  activation  on  a  Mobile  Broadband  plan  required. 


Call  1.800.VZW.4BIZ  Click  verizonwireless.com/smallbusiness  Visit  your  local  Verizon  Wireless  store 

Activation  fee/line:  $35. 

IMPORTANT  CONSUMER  INFORMATION:  Subject  toCustomer  Agmt,  Calling  Plan,  rebate  form  and  credit  approval.  Up  to  $175  early  termination  fee,  and  other  charges.  Mobile  Broadband  is  available  to  over  260  million  people  in  258  major  metropolitan  areas  C  "er-  :  ■  .erage, 
varying  by  service,  not  available  everywhere.  Rebate  takes  up  to  6  weeks  &  expires  in  12  months.  Limited  time  offer  While  supplies  last.  Shipping  charges  may  apply.  See  verizonwireless.com/bestnetwork  for  details.  ©  2009  Verizon  Wireless. 


Your  data  warehouse  has  never 
housed  anything  like  this. 


With  Microsoft®SQL  Server®2008  Enterprise  you  can  take  data  warehousing 
to  the  next  level,  and  deliver  a  new  form  of  energy  to  your  company. 

SQL  Server  2008  Enterprise  provides  built-in  OLAP  analysis,  data  mining, 
and  data  compression  functionality.  Oracle  charges  extra  for  this  functionality.' 
A  lot  extra.  Discover  more  energy  at  SQLServerEnergy.com 


Microsoft 

SQL  Server  2008 


Y.?. 

Pr  iar$  is  based  on  Microsoft  estimated  retail  price  and  published  Oracle  prices  available  at  http://www  oracle.com/corporate/pricing/technology-price-list.pdf  as  of  12/01/2008  Actual  reseller  prices  may  vary. 


